Pests of all kinds and how to fight them: Remove rvzr-a.akamaihd.net and get-new-java.com

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
12.11.2013, 20:50 | #1 |
Remove rvzr-a.akamaihd.net and get-new-java.com

Hello dear Trojaner-Board,

I have obviously caught something that keeps opening pages with the addresses rvzr-a.akamaihd.net and get-new-java.com, and that otherwise annoys me with ads and redirects me to websites that AVAST then classifies as malicious. A complete AVAST hard-disk scan found nothing. Please help me get rid of this again. Many thanks in advance.

I have already run FRST and Malwarebytes Anti-Malware:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01 Ran by ADMIN (administrator) on ACE on 12-11-2013 20:09:02 Running from C:\Users\*******\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Iminent) C:\Program Files (x86)\Iminent\Iminent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (PortableApps.com) E:\Portable\KeePassPortable\KeePassPortable.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Dominik Reichl) E:\Portable\KeePassPortable\App\keepass\keepass.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Farbar) C:\Users\*******\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe [223264 2010-04-22] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-04-23] (Acer Incorporated) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.) 
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [979344 2010-04-10] (The Eraser Project) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) 
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) 
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-10-29] (Iminent) HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-10-29] (Iminent) HKU\Admin\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent HKU\Admin\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Default\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Default User\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\****\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus BHO: Plus-HD-3.8 - {11111111-1111-1111-1111-110311901130} - C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll (Plus HD) BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Plus-HD-3.8 - {11111111-1111-1111-1111-110311901130} - C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho.dll (Plus HD) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: WinSecurity - {f42e9111-a9a5-4482-ad2e-1ef9da85b0bf} - C:\Program Files (x86)\WinSecurity\winsecurity.dll (WinSecurity) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2 FireFox: ======== FF ProfilePath: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default FF NewTab: hxxp://www.google.com/ FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\Extensions\staged FF Extension: webbooster - C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\Extensions\webbooster@iminent.com.xpi FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{ee8cd9f6-dae3-4889-816b-99fe80dae284}] - C:\Program Files (x86)\WinSecurity\winsecurity.xpi FF Extension: No Name - C:\Program Files (x86)\WinSecurity\winsecurity.xpi ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [3082640 2012-09-19] (Emsisoft GmbH) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [352256 2008-06-06] (AVerMedia) R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [409600 2008-07-14] () R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-04-23] (Acer Incorporated) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated) R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2886464 2013-10-29] (Iminent) ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-05] (Emsi Software GmbH) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] 
(AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [245248 2010-01-26] (Huawei Technologies Co., Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\FRST 2013-11-12 20:05 - 2013-11-12 20:04 - 01957590 _____ (Farbar) C:\Users\*******\Desktop\FRST64(1).exe 2013-11-10 11:12 - 2013-11-10 11:12 - 00000000 ____D C:\Users\ADMIN.Ace\AppData\Roaming\Windows Net Data 2013-11-10 11:08 - 2013-11-12 19:54 - 00001830 _____ C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job 2013-11-10 11:08 - 2013-11-12 19:54 - 00001296 _____ C:\Windows\Tasks\Plus-HD-3.8-updater.job 2013-11-10 11:08 - 2013-11-12 19:54 - 00001198 _____ C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job 2013-11-10 11:08 - 2013-11-12 19:54 - 00001098 _____ C:\Windows\Tasks\Plus-HD-3.8-enabler.job 2013-11-10 11:08 - 2013-11-10 11:08 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-3.8-updater 2013-11-10 11:08 - 2013-11-10 11:08 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-3.8-codedownloader 2013-11-10 11:08 - 2013-11-10 11:08 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-3.8-enabler 2013-11-10 11:08 - 2013-11-10 11:08 - 00000000 ____D C:\Program Files (x86)\Plus-HD-3.8 2013-11-10 10:50 - 2013-11-10 10:50 - 00000635 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-10 10:50 - 2013-11-10 10:50 - 00000000 ____D C:\Users\*******\AppData\Roaming\Iminent 2013-11-10 10:50 - 2013-11-10 10:50 - 00000000 ____D C:\ProgramData\Iminent 2013-11-10 10:50 - 2013-11-10 10:50 - 00000000 ____D C:\Program Files (x86)\Iminent 2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 ____D 
C:\Program Files (x86)\WinSecurity 2013-11-10 10:43 - 2013-11-10 10:43 - 00000009 _____ C:\END 2013-11-10 10:22 - 2013-11-10 10:22 - 00000000 ____D C:\Users\*******\AppData\Roaming\Mobile Atlas Creator 2013-11-02 16:11 - 2013-11-10 10:43 - 00000000 ____D C:\Users\*******\AppData\Local\DownloadGuide 2013-11-01 22:11 - 2013-11-01 22:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-30 22:24 - 2013-10-30 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\FRST 2013-11-12 20:04 - 2013-11-12 20:05 - 01957590 _____ (Farbar) C:\Users\*******\Desktop\FRST64(1).exe 2013-11-12 20:04 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-12 20:04 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-12 20:02 - 2011-01-24 21:26 - 01673346 _____ C:\Windows\WindowsUpdate.log 2013-11-12 20:01 - 2012-09-21 08:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-12 19:59 - 2010-07-22 22:34 - 00654852 _____ C:\Windows\system32\perfh007.dat 2013-11-12 19:59 - 2010-07-22 22:34 - 00130434 _____ C:\Windows\system32\perfc007.dat 2013-11-12 19:59 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-12 19:56 - 2010-10-16 12:59 - 00000000 ____D C:\Users\ADMIN.Ace 2013-11-12 19:54 - 2013-11-10 11:08 - 00001830 _____ C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job 2013-11-12 19:54 - 2013-11-10 11:08 - 00001296 _____ C:\Windows\Tasks\Plus-HD-3.8-updater.job 2013-11-12 19:54 - 2013-11-10 11:08 - 00001198 _____ C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job 2013-11-12 19:54 - 2013-11-10 11:08 - 00001098 _____ C:\Windows\Tasks\Plus-HD-3.8-enabler.job 2013-11-12 19:54 - 2012-09-21 08:49 - 00001106 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-12 19:53 - 2013-01-06 00:37 - 00014542 _____ C:\Windows\PFRO.log 2013-11-12 19:53 - 2012-12-29 15:23 - 00015101 _____ C:\Windows\setupact.log 2013-11-12 19:53 - 2012-09-16 20:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-12 19:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-12 19:50 - 2012-09-23 17:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-11-12 19:46 - 2012-09-16 19:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-10 11:12 - 2013-11-10 11:12 - 00000000 ____D C:\Users\ADMIN.Ace\AppData\Roaming\Windows Net Data 2013-11-10 11:08 - 2013-11-10 11:08 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-3.8-updater 2013-11-10 11:08 - 2013-11-10 11:08 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-3.8-codedownloader 2013-11-10 11:08 - 2013-11-10 11:08 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-3.8-enabler 2013-11-10 11:08 - 2013-11-10 11:08 - 00000000 ____D C:\Program Files (x86)\Plus-HD-3.8 2013-11-10 10:50 - 2013-11-10 10:50 - 00000635 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-10 10:50 - 2013-11-10 10:50 - 00000000 ____D C:\Users\*******\AppData\Roaming\Iminent 2013-11-10 10:50 - 2013-11-10 10:50 - 00000000 ____D C:\ProgramData\Iminent 2013-11-10 10:50 - 2013-11-10 10:50 - 00000000 ____D C:\Program Files (x86)\Iminent 2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 ____D C:\Program Files (x86)\WinSecurity 2013-11-10 10:43 - 2013-11-10 10:43 - 00000009 _____ C:\END 2013-11-10 10:43 - 2013-11-02 16:11 - 00000000 ____D C:\Users\*******\AppData\Local\DownloadGuide 2013-11-10 10:22 - 2013-11-10 10:22 - 00000000 ____D C:\Users\*******\AppData\Roaming\Mobile Atlas Creator 2013-11-02 16:51 - 2010-10-16 19:24 - 00000000 ____D C:\Users\****\AppData\Roaming\Macromedia 2013-11-01 22:11 - 2013-11-01 22:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-11-01 22:11 - 2013-03-09 
13:20 - 00000000 ____D C:\Users\ADMIN.Ace\AppData\Roaming\DVDVideoSoft 2013-10-30 22:24 - 2013-10-30 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-30 21:08 - 2012-12-31 12:58 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc 2013-10-18 14:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-15 19:56 - 2011-04-17 12:54 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-15 19:56 - 2010-10-15 20:34 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-13 11:16 - 2012-08-23 18:21 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware Some content of TEMP: ==================== C:\Users\*******\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-03 19:49 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01 Ran by ADMIN at 2013-11-12 20:09:41 Running from C:\Users\*******\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acer 3G Connection Manager (x32 Version: 2.00.3002) Acer Arcade Deluxe (x32 Version: 4.0.7615) Acer Arcade Movie (x32 Version: 9.0.6423) Acer Backup Manager (x32 Version: 2.0.0.60) Acer Crystal Eye Webcam (x32 Version: 5.2.11.2) Acer eRecovery Management (x32 Version: 4.05.3011) Acer GameZone Console (x32 Version: 6.1.0.2) Acer PowerSmart Manager (x32 Version: 5.02.3003) Acer Registration (x32 Version: 1.03.3003) Acer ScreenSaver (x32 Version: 1.1.0119.2010) Acer Updater (x32 Version: 1.02.3001) Acer VCM (x32 Version: 4.05.3002) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.8.0.870) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04) Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001) Amazon MP3-Downloader 1.0.9 (x32) Amazonia (x32) AMD APP SDK Runtime (Version: 2.4.595.1) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.23) ATI Catalyst Install Manager (Version: 3.0.820.0) Audiograbber 1.83 SE (x32 Version: 1.83 SE) avast! 
Free Antivirus (x32 Version: 8.0.1497.0) AVerMedia A850 USB DVBT 1.0.64.18 (x32 Version: 1.0.64.18) AVerTV (x32 Version: 6.0.12) Backup Manager Basic (x32 Version: 2.0.0.60) Bonjour (Version: 3.0.0.10) Cake Mania (x32) Canon MP Navigator EX 3.0 (x32) Canon MP550 series Benutzerregistrierung (x32) Canon MP550 series MP Drivers Canon Utilities Easy-PhotoPrint EX (x32) Canon Utilities My Printer (x32) Canon Utilities Solution Menu (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2011.0613.2238.38801) Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561) Catalyst Control Center InstallProxy (x32 Version: 2011.0613.2238.38801) Catalyst Control Center Localization All (x32 Version: 2011.0613.2238.38801) Catalyst Control Center Profiles Mobile (x32 Version: 2011.0613.2238.38801) CCC Help Chinese Standard (x32 Version: 2011.0613.2237.38801) CCC Help Chinese Traditional (x32 Version: 2011.0613.2237.38801) CCC Help Czech (x32 Version: 2011.0613.2237.38801) CCC Help Danish (x32 Version: 2011.0613.2237.38801) CCC Help Dutch (x32 Version: 2011.0613.2237.38801) CCC Help English (x32 Version: 2011.0613.2237.38801) CCC Help Finnish (x32 Version: 2011.0613.2237.38801) CCC Help French (x32 Version: 2011.0613.2237.38801) CCC Help German (x32 Version: 2011.0613.2237.38801) CCC Help Greek (x32 Version: 2011.0613.2237.38801) CCC Help Hungarian (x32 Version: 2011.0613.2237.38801) CCC Help Italian (x32 Version: 2011.0613.2237.38801) CCC Help Japanese (x32 Version: 2011.0613.2237.38801) CCC Help Korean (x32 Version: 2011.0613.2237.38801) CCC Help Norwegian (x32 Version: 2011.0613.2237.38801) CCC Help Polish (x32 Version: 2011.0613.2237.38801) CCC Help Portuguese (x32 Version: 2011.0613.2237.38801) CCC Help Russian (x32 Version: 2011.0613.2237.38801) CCC Help Spanish (x32 Version: 2011.0613.2237.38801) CCC Help Swedish (x32 Version: 2011.0613.2237.38801) CCC Help Thai (x32 Version: 2011.0613.2237.38801) CCC Help 
Turkish (x32 Version: 2011.0613.2237.38801) ccc-utility64 (Version: 2011.0613.2238.38801) CCleaner (Version: 3.22) CDBurnerXP (Version: 4.3.8.2474) CDBurnerXP (x32 Version: 4.5.0.3661) CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009) Chicken Invaders 2 (x32) Dairy Dash (x32) Dream Day First Home (x32) eBay Worldwide (x32 Version: 2.1.0901) Emsisoft Anti-Malware (x32 Version: 6.6) Eraser 6.0.7.1893 (Version: 6.7.1893) ESET Online Scanner v3 (x32) eSobi v2 (x32 Version: 2.0.4.000274) FairStars CD Ripper 1.50 (x32) Farm Frenzy 2 (x32) Free YouTube to MP3 Converter version 3.12.16.1030 (x32 Version: 3.12.16.1030) Freecom Network Storage Assistant 1.66 (x32) FreeOCR v4.2 (x32) Galapago (x32) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Update Helper (x32 Version: 1.3.21.165) Granny In Paradise (x32) Heroes of Hellas (x32) Hydrogen (x32) Identity Card (x32 Version: 1.00.3003) Iminent (x32 Version: 6.44.21.0) Inkscape 0.48.4 (x32 Version: 0.48.4) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002) iTunes (Version: 11.1.0.126) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 14.0.8089.726) Launch Manager (x32 Version: 4.0.7) MediaShow Espresso (x32 Version: 5.5.1403_23691) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft 
Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0) Mozilla Maintenance Service (x32 Version: 25.0) Mozilla Thunderbird (3.1.6) (x32 Version: 3.1.6 (de)) Mp3tag v2.46a (x32 Version: v2.46a) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyWinLocker (x32 Version: 3.1.210.0) MyWinLocker Suite (x32 Version: 3.1.210.0) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.628) NTI Backup Now Standard (x32 Version: 5.1.2.628) NTI Media Maker 8 (x32 Version: 8.0.12.6630) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Optical Drive Power Management (x32 Version: 1.01.3007) PDFCreator (x32 Version: 1.2.0) Plus-HD-3.8 (x32 Version: 1.29.153.2) Power Tab Editor 1.7 (x32 Version: 1.7.0) PSPad editor (x32) PX Profile Update (x32 Version: 1.00.1.) 
QuickTime (x32 Version: 7.74.80.86) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6096) Rome - Total War (x32 Version: 1.5) Shredder (Version: 2.0.8.3) Shredder (x32 Version: 2.0.8.3) Sibelius Scorch (Firefox, Opera, Netscape only) (x32 Version: 6.2.0) SimpleOCR 3.1 (x32) Spin & Win (x32) Synaptics Pointing Device Driver (Version: 14.0.6.0) TrueCrypt (x32 Version: 7.0a) UltraEdit (x32 Version: 17.10.1008) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) VC 9.0 Runtime (x32 Version: 1.0.0) VIS (x32) VLC media player 2.0.4 (Version: 2.0.4) Welcome Center (x32 Version: 1.01.3002) WIDCOMM Bluetooth Software (Version: 6.3.0.4300) Winamp (x32 Version: 5.622 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) WinSecurity (x32) ==================== Restore Points ========================= 13-10-2013 17:00:37 Windows-Sicherung 15-10-2013 19:05:02 Windows Update 22-10-2013 16:50:27 Windows-Sicherung 25-10-2013 12:23:34 
Windows Update 28-10-2013 20:23:27 Windows-Sicherung 29-10-2013 20:36:09 Windows Update 03-11-2013 18:00:34 Windows-Sicherung 05-11-2013 06:56:30 Windows Update 08-11-2013 15:01:54 Windows Update 10-11-2013 18:00:35 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-09-01 10:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {5A75B953-305D-4FC9-A9EA-C6F01B12213D} - System32\Tasks\Plus-HD-3.8-enabler => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe [2013-11-10] (Plus HD) Task: {5FED9F23-473D-4B82-8A33-66E8E397A2BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd) Task: {7F42897A-DBEE-4478-B31E-CB27C4A24B4E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {AEBFC5A1-20D6-4E32-A321-CEFAD77B6C4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.) Task: {C4042995-122D-4EB5-917E-ABC9C02EF3BC} - System32\Tasks\Plus-HD-3.8-updater => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe [2013-11-10] (Plus HD) Task: {D9960E50-26E4-4262-B288-8C2BC5634643} - System32\Tasks\Plus-HD-3.8-firefoxinstaller => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe [2013-11-10] (Plus HD) Task: {DEA89DA7-6517-4020-B706-AAEF72A0160C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.) 
Task: {E705A20D-D574-4ED2-8A79-DBC1ACEC3A86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated) Task: {F3872ED0-9073-42F7-9D13-6BE93CA71089} - System32\Tasks\Plus-HD-3.8-codedownloader => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe [2013-11-10] (Plus HD) Task: {FF963247-773F-46D2-8573-5CF0D2F6F69C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe Task: C:\Windows\Tasks\Plus-HD-3.8-enabler.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe Task: C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe Task: C:\Windows\Tasks\Plus-HD-3.8-updater.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-13 22:36 - 2011-06-13 22:36 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-11-12 19:58 - 2013-11-12 08:36 - 02233344 _____ () C:\Program Files\AVAST Software\Avast\defs\13111200\algo.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 23:26 - 2011-11-01 
23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-05-06 13:48 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2013-10-30 22:24 - 2013-10-30 22:24 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-11-12 19:55 - 2013-11-12 19:55 - 00008704 _____ () C:\Users\******\AppData\Local\Temp\nsv697D.tmp\newadvsplash.dll 2013-08-25 21:51 - 2013-08-25 21:51 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll 2010-05-06 13:05 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-10-16 14:06 - 2010-11-14 16:57 - 00848048 _____ () C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll 2010-10-16 14:06 - 2010-11-14 16:57 - 00161968 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2010-10-16 14:06 - 2010-11-14 16:57 - 00021680 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2013-10-11 13:46 - 2013-10-11 13:46 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/12/2013 07:55:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.2.3003.0, 
Zeitstempel: 0x4bd10412 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000163d5 ID des fehlerhaften Prozesses: 0xb44 Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0 Pfad der fehlerhaften Anwendung: ePowerTray.exe1 Pfad des fehlerhaften Moduls: ePowerTray.exe2 Berichtskennung: ePowerTray.exe3 Error: (11/09/2013 02:58:17 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (11/09/2013 02:57:29 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/09/2013 02:20:50 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (11/07/2013 07:12:59 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (11/07/2013 07:11:30 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/07/2013 06:28:21 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (11/06/2013 09:19:46 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 11 100.1.168.192.in-addr.arpa. PTR Ace.local. Error: (11/06/2013 09:19:44 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 13 100.1.168.192.in-addr.arpa. PTR Shiva.local. Error: (11/05/2013 08:21:56 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3198 System errors: ============= Error: (11/12/2013 07:59:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (11/10/2013 10:50:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/05/2013 07:45:12 AM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{EF837FD0-1A65-4B8C-8C4C-667202EE7D06} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (11/01/2013 04:38:09 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error: (11/01/2013 04:22:35 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/01/2013 03:42:07 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/01/2013 03:30:35 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/01/2013 03:19:05 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/01/2013 02:53:02 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/01/2013 02:30:49 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Microsoft Office Sessions: ========================= Error: (11/12/2013 07:55:21 PM) (Source: Application Error)(User: ) Description: ePowerTray.exe5.2.3003.04bd10412ePowerTray.exe5.2.3003.04bd10412c000000500000000000163d5b4401cedfd8bbaff7b5C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exefa5411b2-4bcb-11e3-97c0-001e101f21c1 Error: (11/09/2013 02:58:17 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (11/09/2013 02:57:29 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program 
files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (11/09/2013 02:20:50 PM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (11/07/2013 07:12:59 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (11/07/2013 07:11:30 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (11/07/2013 06:28:21 PM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (11/06/2013 09:19:46 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 11 100.1.168.192.in-addr.arpa. PTR Ace.local. Error: (11/06/2013 09:19:44 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 13 100.1.168.192.in-addr.arpa. PTR Shiva.local. Error: (11/05/2013 08:21:56 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3198 CodeIntegrity Errors: =================================== Date: 2013-09-01 11:12:58.818 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-09-01 11:12:58.537 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-09 16:42:12.838 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:42:12.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:42:12.458 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:42:12.245 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:39:15.520 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-02-09 16:39:04.897
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-09 16:39:04.737
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-09 16:39:04.527
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 3766.69 MB
Available physical RAM: 1554.86 MB
Total Pagefile: 7531.55 MB
Available Pagefile: 4588.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:292.1 GB) (Free:227.24 GB) NTFS
Drive e: (Daten) (Fixed) (Total:290.97 GB) (Free:56.02 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 2C0EAF26)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291 GB) - (Type=OF Extended)

==================== End Of Log ============================

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.12.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
ADMIN :: ACE [limitiert]

12.11.2013 20:21:08
MBAM-log-2013-11-12 (20-39-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289569
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent) -> 2724 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Iminent\Iminent.exe (PUP.Optional.Iminent.A) -> 4940 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> 5028 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 3
C:\Program Files (x86)\Iminent\f_in_box.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Iminent\Iminent.WinCore.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Iminent\System.Data.SQLite.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 75
HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent) -> Keine Aktion durchgeführt.
HKCR\CLSID\{f42e9111-a9a5-4482-ad2e-1ef9da85b0bf} (PUP.Optional.WinSecurity.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{F905535E-9C87-4a3f-8A3E-4E3B54C461C5} (PUP.Optional.WinSecurity.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F42E9111-A9A5-4482-AD2E-1EF9DA85B0BF} (PUP.Optional.WinSecurity.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110311901130} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440344904430} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550355905530} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0039030.BHO.1 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\IminentWebBooster.ScriptExtender.1 (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\IminentWebBooster.ScriptExtender (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0039030.BHO (PUP.Optional.CrossRider) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0039030.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0039030.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Business.Tinyfying.DownloadArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Business.Tinyfying.LinkToPromoteArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Business.Tinyfying.RawDataArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Business.Tinyfying.TinyUrlArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Business.Tinyfying.ViralLinkArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.ClientCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.ContractBase (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GameOverCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetCreditCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.InstallationContextResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoginCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.LogoutCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.MyAccountCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.PlayContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCR\Iminent.Mediator.Communication.DataContracts.PostContentCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.SetVariableCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.TestContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.WarmUpCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.WelcomeCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.ServerCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.ServerResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.LightContent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.LightUri (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.MediatorServiceProxy (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\IMINENT (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
HKLM\SOFTWARE\Plus-HD-3.8 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\UMBRELLA (PUP.Optional.Umbrella.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\IMINENT (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.8 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IminentMessenger (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Iminent\Iminent.Messengers.exe -> Keine Aktion durchgeführt. HKCU\Software\Iminent|SearchEngineOptin (PUP.Optional.Iminent.A) -> Daten: 0 -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Umbrella|MUpdBlock (PUP.Optional.Umbrella.A) -> Daten: { "MASSUPDATE" : { "CHROME_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "FIREFOX_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 } } } -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\SProtection|ImagePath (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -> Keine Aktion durchgeführt. HKLM\Software\Iminent|RefererId (PUP.Optional.Iminent.A) -> Daten: 774 -> Keine Aktion durchgeführt. HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Iminent (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 22 C:\Program Files (x86)\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Iminent\inst (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\ro (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\tr (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide (PUP.Optional.DownloadGuide.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\Offers (PUP.Optional.DownloadGuide.A) -> Keine Aktion durchgeführt. C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\ADMIN.Ace\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\ADMIN.Ace\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 124 C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent) -> Keine Aktion durchgeführt. C:\Program Files (x86)\WinSecurity\winsecurity.dll (PUP.Optional.WinSecurity.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\ADMIN.Ace\AppData\Local\Temp\OCS\ocs_v7a.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\Offers\IminentSetup.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (PUP.Optional.AdLyrics) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\Offers\WinSecurity.exe (PUP.Optional.WinSecurity.A) -> Keine Aktion durchgeführt. C:\Windows\Installer\90198956.msi (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-3.8-enabler.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-3.8-updater.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\f_in_box.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.AxImp.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Business.Connect.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Business.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Iminent\Iminent.Business.tlb (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Entity.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.exe.config (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Mediator.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Mediator.tlb (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Messengers.exe.config (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Services.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.WinCore.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Windows.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Iminent.Workflow.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Iminent\Microsoft.DirectX.AudioVideoPlayback.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\Microsoft.Expression.Interactions.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\StartWeb.xml (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\System.Data.SQLite.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\System.Windows.Interactivity.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\USearch.xml (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\WPFLocalizeExtension.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\de\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Iminent\en\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\en\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\es\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Iminent\fr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\fr\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\inst\main.ico (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\inst\msacm32.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\inst\SearchTheWeb.ico (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\inst\Universely.ico (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\it\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Iminent\it\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\ro\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\ro\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\ro\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\tr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\tr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\tr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\tr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Iminent\tr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\SearchTheWeb.lnk (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Blog.lnk (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\FAQ.lnk (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Help.lnk (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Iminent.lnk (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\amazon.ico (PUP.Optional.DownloadGuide.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Local\DownloadGuide\osm-tk-cz.exe (PUP.Optional.DownloadGuide.A) -> Keine Aktion durchgeführt. 
C:\Users\********\AppData\Local\DownloadGuide\Offers\vis-pro.exe (PUP.Optional.DownloadGuide.A) -> Keine Aktion durchgeführt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\********\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\39030.xpi (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\background.html (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Installer.log (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-helper.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8.ico (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\Uninstall.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-3.8\utils.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. (Ende) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.001 - Report created 01/09/2013 at 11:42:26 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : ADMIN - ACE # Running from : C:\Users\*******\Desktop\adwcleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Folder Found C:\Program Files (x86)\Ask.com Folder Found C:\ProgramData\Ask ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Babylon Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\OCS Key Found : [x64] HKCU\Software\APN Key Found : [x64] HKCU\Software\Ask.com Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\Microsoft\Babylon Key Found : [x64] HKCU\Software\OCS Key Found : HKLM\Software\APN Key Found : HKLM\Software\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fairstars-cd-ripper_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fairstars-cd-ripper_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hydrogen_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hydrogen_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_netmeter_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_netmeter_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Found : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (de) ************************* AdwCleaner[R0].txt - [4598 octets] - [01/09/2013 11:42:26] ########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [4658 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.012 - Bericht erstellt am 12/11/2013 um 20:46:49 # Updated 11/11/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : ADMIN - ACE # Gestartet von : C:\Users\*******\Desktop\adwcleaner(2).exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : SProtection ***** [ Dateien / Ordner ] ***** Datei Gefunden : \END Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-codedownloader Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-enabler Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-firefoxinstaller Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-updater Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-enabler.job Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-updater.job Ordner Gefunden C:\Program Files (x86)\Common Files\Umbrella Ordner Gefunden C:\Program Files (x86)\Iminent Ordner Gefunden C:\Program Files (x86)\Plus-HD-3.8 Ordner Gefunden C:\Program Files (x86)\WinSecurity Ordner Gefunden C:\ProgramData\Iminent Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Plus-HD-3.8 Schlüssel Gefunden : HKCU\Software\Iminent Schlüssel Gefunden : [x64] HKCU\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\CLSID\{F42E9111-A9A5-4482-AD2E-1EF9DA85B0BF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0039030.BHO Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0039030.BHO.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0039030.Sandbox Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0039030.Sandbox.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\3DA786FCDC08E1345AF052DDF8C9693C Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\3DA786FCDC08E1345AF052DDF8C9693C Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} 
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344904430} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F905535E-9C87-4A3F-8A3E-4E3B54C461C5} Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F42E9111-A9A5-4482-AD2E-1EF9DA85B0BF} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF687AD3-80CD-431E-A50F-25DD8F9C96C3} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinSecurity Schlüssel Gefunden : HKLM\Software\Plus-HD-3.8 Schlüssel Gefunden : HKLM\Software\Umbrella Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311901130} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322902230} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v25.0 (de)

*************************

AdwCleaner[R0].txt - [30794 octets] - [01/09/2013 10:42:26]
AdwCleaner[S0].txt - [4726 octets] - [01/09/2013 10:43:13]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [30915 octets] ##########

I only ran scans with AdwCleaner and Malwarebytes and did not delete or clean anything!
Last edited by Pechvogel44 (12.11.2013 at 20:42) |
12.11.2013, 20:55 | #2 |
/// TB trainer | Removing rvzr-a.akamaihd.net and get-new-java.com
Hi,
OK, let's start like this:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please shut down your security software to avoid possible conflicts.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post with your next reply
|
14.11.2013, 08:08 | #3 |
| Removing rvzr-a.akamaihd.net and get-new-java.com
Here is the AdwCleaner log file to start with; the log files from JRT, MBAM and Zoek will follow.
AdwCleaner Logfile: Code:
# AdwCleaner v3.012 - Bericht erstellt am 13/11/2013 um 21:09:02
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ADMIN - ACE
# Gestartet von : C:\Users\xxxxxxx\Desktop\adwcleaner(2).exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : SProtection

***** [ Dateien / Ordner ] *****

Datei Gefunden : \END
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-codedownloader
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-enabler
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-firefoxinstaller
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-3.8-updater
Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-enabler.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-3.8-updater.job
Ordner Gefunden C:\Program Files (x86)\Common Files\Umbrella
Ordner Gefunden C:\Program Files (x86)\Iminent
Ordner Gefunden C:\Program Files (x86)\Plus-HD-3.8
Ordner Gefunden C:\Program Files (x86)\WinSecurity
Ordner Gefunden C:\ProgramData\Iminent
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Plus-HD-3.8
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : [x64] HKCU\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F42E9111-A9A5-4482-AD2E-1EF9DA85B0BF} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF687AD3-80CD-431E-A50F-25DD8F9C96C3} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinSecurity Schlüssel Gefunden : HKLM\Software\Plus-HD-3.8 Schlüssel Gefunden : HKLM\Software\Umbrella Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311901130} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322902230} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0 (de)
*************************
AdwCleaner[R0].txt - [31250 octets] - [01/09/2013 10:42:26]
AdwCleaner[R1].txt - [26087 octets] - [13/11/2013 21:09:02]
AdwCleaner[S0].txt - [4726 octets] - [01/09/2013 10:43:13]
########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [26208 octets] ##########
The MBAM log file and the Zoek log file will follow. Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by ADMIN on 13.11.2013 at 21:58:59,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\firefox\profiles\wvfcx3wu.default\extensions\staged
Successfully deleted the following from C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\firefox\profiles\wvfcx3wu.default\prefs.js
user_pref("iminent.searchindex", "1");
user_pref("iminent.newtabredirect", "false");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.11.2013 at 22:12:17,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.11.14.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
ADMIN :: ACE [Administrator]
14.11.2013 07:57:05
mbam-log-2013-11-14 (07-57-05).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289548
Laufzeit: 5 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 6
C:\Users\xxxxxxx\AppData\Local\DownloadGuide (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\Offers (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADMIN.Ace\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADMIN.Ace\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 11
C:\Users\ADMIN.Ace\AppData\Local\Temp\OCS\ocs_v7a.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\Offers\IminentSetup.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (PUP.Optional.AdLyrics) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\Offers\WinSecurity.exe (PUP.Optional.WinSecurity.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\90198956.msi (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\amazon.ico (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\osm-tk-cz.exe (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Local\DownloadGuide\Offers\vis-pro.exe (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxxxxx\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Last edited by Pechvogel44 (13.11.2013 at 21:48) |
14.11.2013, 17:16 | #4 |
/// TB-Ausbilder | Hello, OK. As soon as I have the Zoek log file, we can continue. |
14.11.2013, 22:59 | #5 |
| .... and here it is already: Code:
ATTFilter Zoek.exe Version 4.0.0.5 Updated 26-October-2013 Tool run by ADMIN on 14.11.2013 at 21:25:44,51. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\xxxxxxx\Desktop\zoek\zoek.exe [Script inserted] ==== System Restore Info ====================== 14.11.2013 21:28:37 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ee8cd9f6-dae3-4889-816b-99fe80dae284} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); 
user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9rara.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", 
"hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "YouTube"); user_pref("browser.search.selectedEngine", "YouTube"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9rara.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\3udiwpab.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\3udiwpab.default\prefs.js: user_pref("browser.startup.homepage", 
"hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default user.js not found ---- Lines 
{FFB96CC1-7EB3-449D-B827-DB661701C6BB} modified from prefs.js ---- user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,wtxpcom@disabled.com:4.3,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1. ---- FireFox user.js and prefs.js backups ---- prefs__1959_.backup prefs__2142_.backup ProfilePath: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx user.js not found ---- FireFox user.js and prefs.js backups ---- user__1959_.backup prefs__1959_.backup prefs__2142_.backup ProfilePath: C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9rara.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1959_.backup prefs__2142_.backup ProfilePath: C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\3udiwpab.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__2142_.backup ProfilePath: C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158 user.js not found ---- Lines iminent removed from prefs.js ---- user_pref("iminent.LayoutId", "1"); user_pref("iminent.registerToolbarEvent102", "1384371875784"); user_pref("iminent.ShowThankyouPixel", "0"); user_pref("iminent.version", "7.43.4.1"); user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.43.4.1\",\"InstallEventCTime\":1384460550942,\"InstallEvent\":\"True\"}"); ---- Lines iminent modified from prefs.js ---- user_pref("extensions.enabledAddons", "info%40youtube-mp3.org:1.0.4,youtubeit_aechiara%40gmail.com:0.6.2,%7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1. 
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "142417c6f02f496f36acb70b071bf5b6"); ---- FireFox user.js and prefs.js backups ---- prefs__1959_.backup prefs__2142_.backup ==== Deleting Files \ Folders ====================== C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\ADMIN.Ace\AppData\Roaming\Windows Net Data deleted C:\Users\xxxxx\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar deleted C:\Users\xxxxxxx\AppData\Roaming\Iminent deleted C:\Users\xxxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers deleted C:\Users\xxxxx\AppData\LocalLow\pdfforge deleted C:\Users\xxxxx\AppData\LocalLow\Search Settings deleted C:\Users\xxxxx\AppData\LocalLow\AskToolbar deleted C:\Users\xxxxxxx\AppData\LocalLow\pdfforge deleted C:\Users\xxxxxxx\AppData\LocalLow\Search Settings deleted C:\Users\xxxxxxx\AppData\LocalLow\AskToolbar deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\pdfforge deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\wininit.ini deleted C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\staged deleted C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9rara.default\jetpack deleted C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158\jetpack deleted C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158\extensions\webbooster@iminent.com.xpi deleted "C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\webbooster@iminent.com.xpi" deleted "C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9rara.default\extensions\webbooster@iminent.com.xpi" deleted ==== Firefox Extensions Registry 
====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06.09.2013 20:21] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx - Undetermined - C:\Program Files (x86)\McAfee\SiteAdvisor - Undetermined - C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - Adobe DLM powered by getPlusR - %ProfilePath%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} ProfilePath: C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9rara.default - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi ProfilePath: C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\3udiwpab.default - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} ProfilePath: C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158 - Plus-HD-3.8 - %ProfilePath%\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} - YouTube mp3 - %ProfilePath%\extensions\info@youtube-mp3.org.xpi - YouTubeIT - %ProfilePath%\extensions\youtubeit_aechiara@gmail.com.xpi - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® 
Operating System ==== Deleted Firefox Extensions ====================== C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com deleted ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ADMIN.Ace\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ADMIN.Ace\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Users\xxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\xxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\ADMIN.Ace\AppData\Local\Mozilla\Firefox\Profiles\wvfcx3wu.default\Cache emptied successfully C:\Users\xxxxx\AppData\Local\Mozilla\Firefox\Profiles\r6n9rara.default\Cache emptied successfully C:\Users\xxxxxxx\AppData\Local\Mozilla\Firefox\Profiles\xke09otc.default-1359736880158\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully |
15.11.2013, 19:37 | #6 |
/// TB-Ausbilder | Removing rvzr-a.akamaihd.net and get-new-java.com
Hi, we will track down the last remnants so that we can remove them later:
Step 1 Control scan with FRST
Run a scan with FRST as described before. To do so, tick the Addition.txt box at the bottom right and click Scan. Two log files will be created again. Post them for me.
Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
Are there still any problems with malware? If so, which ones? How is the computer running at the moment? Please post with your next reply
|
15.11.2013, 21:21 | #7 |
| Removing rvzr-a.akamaihd.net and get-new-java.com Here is FRST for a start: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01 Ran by ADMIN at 2013-11-15 21:16:31 Running from C:\Users\xxxxxxx\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acer 3G Connection Manager (x32 Version: 2.00.3002) Acer Arcade Deluxe (x32 Version: 4.0.7615) Acer Arcade Movie (x32 Version: 9.0.6423) Acer Backup Manager (x32 Version: 2.0.0.60) Acer Crystal Eye Webcam (x32 Version: 5.2.11.2) Acer eRecovery Management (x32 Version: 4.05.3011) Acer GameZone Console (x32 Version: 6.1.0.2) Acer PowerSmart Manager (x32 Version: 5.02.3003) Acer Registration (x32 Version: 1.03.3003) Acer ScreenSaver (x32 Version: 1.1.0119.2010) Acer Updater (x32 Version: 1.02.3001) Acer VCM (x32 Version: 4.05.3002) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.8.0.870) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001) Amazon MP3-Downloader 1.0.9 (x32) Amazonia (x32) AMD APP SDK Runtime (Version: 2.4.595.1) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.23) ATI Catalyst Install Manager (Version: 3.0.820.0) Audiograbber 1.83 SE (x32 Version: 1.83 SE) avast! 
Free Antivirus (x32 Version: 8.0.1497.0) AVerMedia A850 USB DVBT 1.0.64.18 (x32 Version: 1.0.64.18) AVerTV (x32 Version: 6.0.12) Backup Manager Basic (x32 Version: 2.0.0.60) Bonjour (Version: 3.0.0.10) Cake Mania (x32) Canon MP Navigator EX 3.0 (x32) Canon MP550 series Benutzerregistrierung (x32) Canon MP550 series MP Drivers Canon Utilities Easy-PhotoPrint EX (x32) Canon Utilities My Printer (x32) Canon Utilities Solution Menu (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2011.0613.2238.38801) Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561) Catalyst Control Center InstallProxy (x32 Version: 2011.0613.2238.38801) Catalyst Control Center Localization All (x32 Version: 2011.0613.2238.38801) Catalyst Control Center Profiles Mobile (x32 Version: 2011.0613.2238.38801) CCC Help Chinese Standard (x32 Version: 2011.0613.2237.38801) CCC Help Chinese Traditional (x32 Version: 2011.0613.2237.38801) CCC Help Czech (x32 Version: 2011.0613.2237.38801) CCC Help Danish (x32 Version: 2011.0613.2237.38801) CCC Help Dutch (x32 Version: 2011.0613.2237.38801) CCC Help English (x32 Version: 2011.0613.2237.38801) CCC Help Finnish (x32 Version: 2011.0613.2237.38801) CCC Help French (x32 Version: 2011.0613.2237.38801) CCC Help German (x32 Version: 2011.0613.2237.38801) CCC Help Greek (x32 Version: 2011.0613.2237.38801) CCC Help Hungarian (x32 Version: 2011.0613.2237.38801) CCC Help Italian (x32 Version: 2011.0613.2237.38801) CCC Help Japanese (x32 Version: 2011.0613.2237.38801) CCC Help Korean (x32 Version: 2011.0613.2237.38801) CCC Help Norwegian (x32 Version: 2011.0613.2237.38801) CCC Help Polish (x32 Version: 2011.0613.2237.38801) CCC Help Portuguese (x32 Version: 2011.0613.2237.38801) CCC Help Russian (x32 Version: 2011.0613.2237.38801) CCC Help Spanish (x32 Version: 2011.0613.2237.38801) CCC Help Swedish (x32 Version: 2011.0613.2237.38801) CCC Help Thai (x32 Version: 2011.0613.2237.38801) CCC Help 
Turkish (x32 Version: 2011.0613.2237.38801) ccc-utility64 (Version: 2011.0613.2238.38801) CCleaner (Version: 3.22) CDBurnerXP (Version: 4.3.8.2474) CDBurnerXP (x32 Version: 4.5.0.3661) CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009) Chicken Invaders 2 (x32) Dairy Dash (x32) Dream Day First Home (x32) eBay Worldwide (x32 Version: 2.1.0901) Emsisoft Anti-Malware (x32 Version: 6.6) Eraser 6.0.7.1893 (Version: 6.7.1893) ESET Online Scanner v3 (x32) eSobi v2 (x32 Version: 2.0.4.000274) FairStars CD Ripper 1.50 (x32) Farm Frenzy 2 (x32) Free YouTube to MP3 Converter version 3.12.16.1030 (x32 Version: 3.12.16.1030) Freecom Network Storage Assistant 1.66 (x32) FreeOCR v4.2 (x32) Galapago (x32) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Update Helper (x32 Version: 1.3.21.165) Granny In Paradise (x32) Heroes of Hellas (x32) Hydrogen (x32) Identity Card (x32 Version: 1.00.3003) Inkscape 0.48.4 (x32 Version: 0.48.4) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002) iTunes (Version: 11.1.0.126) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 14.0.8089.726) Launch Manager (x32 Version: 4.0.7) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MediaShow Espresso (x32 Version: 5.5.1403_23691) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 
Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0) Mozilla Maintenance Service (x32 Version: 25.0) Mozilla Thunderbird (3.1.6) (x32 Version: 3.1.6 (de)) Mp3tag v2.46a (x32 Version: v2.46a) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyWinLocker (x32 Version: 3.1.210.0) MyWinLocker Suite (x32 Version: 3.1.210.0) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.628) NTI Backup Now Standard (x32 Version: 5.1.2.628) NTI Media Maker 8 (x32 Version: 8.0.12.6630) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Optical Drive Power Management (x32 Version: 1.01.3007) PDFCreator (x32 Version: 1.2.0) Power Tab Editor 1.7 (x32 Version: 1.7.0) PSPad editor (x32) PX Profile Update (x32 Version: 1.00.1.) 
QuickTime (x32 Version: 7.74.80.86) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6096) Rome - Total War (x32 Version: 1.5) Shredder (Version: 2.0.8.3) Shredder (x32 Version: 2.0.8.3) Sibelius Scorch (Firefox, Opera, Netscape only) (x32 Version: 6.2.0) SimpleOCR 3.1 (x32) Spin & Win (x32) Synaptics Pointing Device Driver (Version: 14.0.6.0) TrueCrypt (x32 Version: 7.0a) UltraEdit (x32 Version: 17.10.1008) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) VC 9.0 Runtime (x32 Version: 1.0.0) VIS (x32) VLC media player 2.0.4 (Version: 2.0.4) Welcome Center (x32 Version: 1.01.3002) WIDCOMM Bluetooth Software (Version: 6.3.0.4300) Winamp (x32 Version: 5.622 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) ==================== Restore Points ========================= 22-10-2013 16:50:27 Windows-Sicherung 25-10-2013 12:23:34 Windows Update 28-10-2013 20:23:27 Windows-Sicherung 29-10-2013 20:36:09 Windows Update 
03-11-2013 18:00:34 Windows-Sicherung 05-11-2013 06:56:30 Windows Update 08-11-2013 15:01:54 Windows Update 10-11-2013 18:00:35 Windows-Sicherung 12-11-2013 20:00:12 Windows Update 14-11-2013 07:13:03 Windows Update 14-11-2013 20:28:09 zoek.exe restore point ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-09-01 10:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {5A75B953-305D-4FC9-A9EA-C6F01B12213D} - \Plus-HD-3.8-enabler No Task File Task: {5FED9F23-473D-4B82-8A33-66E8E397A2BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd) Task: {7F42897A-DBEE-4478-B31E-CB27C4A24B4E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {AEBFC5A1-20D6-4E32-A321-CEFAD77B6C4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.) Task: {C4042995-122D-4EB5-917E-ABC9C02EF3BC} - \Plus-HD-3.8-updater No Task File Task: {D9960E50-26E4-4262-B288-8C2BC5634643} - \Plus-HD-3.8-firefoxinstaller No Task File Task: {DEA89DA7-6517-4020-B706-AAEF72A0160C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.) Task: {E705A20D-D574-4ED2-8A79-DBC1ACEC3A86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated) Task: {F3872ED0-9073-42F7-9D13-6BE93CA71089} - \Plus-HD-3.8-codedownloader No Task File Task: {FF963247-773F-46D2-8573-5CF0D2F6F69C} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-13 22:36 - 2011-06-13 22:36 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-11-15 21:09 - 2013-11-15 19:52 - 02237440 _____ () C:\Program Files\AVAST Software\Avast\defs\13111501\algo.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-05-06 13:48 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2010-10-16 14:06 - 2010-11-14 16:57 - 00848048 _____ () C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll 2010-10-16 14:06 - 2010-11-14 16:57 - 00161968 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2010-10-16 14:06 - 2010-11-14 16:57 - 00021680 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2013-08-25 21:51 - 2013-08-25 21:51 - 00170496 _____ () 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll 2010-05-06 13:05 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-10-30 22:24 - 2013-10-30 22:24 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/14/2013 10:51:22 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000163d5 ID des fehlerhaften Prozesses: 0x15b4 Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0 Pfad der fehlerhaften Anwendung: ePowerTray.exe1 Pfad des fehlerhaften Moduls: ePowerTray.exe2 Berichtskennung: ePowerTray.exe3 Error: (11/14/2013 10:02:52 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (11/14/2013 10:02:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (11/14/2013 09:24:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.18103, Zeitstempel: 0x512d820f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007ff7cd603a4 ID des fehlerhaften Prozesses: 0x42c Startzeit der fehlerhaften Anwendung: 0xconsent.exe0 Pfad der fehlerhaften Anwendung: consent.exe1 Pfad des fehlerhaften Moduls: consent.exe2 Berichtskennung: consent.exe3 Error: (11/14/2013 09:24:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.18103, Zeitstempel: 0x512d820f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007ff7cd603a4 ID des fehlerhaften Prozesses: 0xfa0 Startzeit der fehlerhaften Anwendung: 0xconsent.exe0 Pfad der fehlerhaften Anwendung: consent.exe1 Pfad des fehlerhaften Moduls: consent.exe2 Berichtskennung: consent.exe3 Error: (11/14/2013 09:24:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.18103, Zeitstempel: 0x512d820f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007ff7cd603a4 ID des fehlerhaften Prozesses: 0x1890 Startzeit der fehlerhaften Anwendung: 0xconsent.exe0 Pfad der fehlerhaften Anwendung: consent.exe1 Pfad des fehlerhaften Moduls: consent.exe2 Berichtskennung: consent.exe3 Error: (11/14/2013 08:45:39 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000163d5 ID des fehlerhaften Prozesses: 0x16dc Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0 Pfad 
der fehlerhaften Anwendung: ePowerTray.exe1 Pfad des fehlerhaften Moduls: ePowerTray.exe2 Berichtskennung: ePowerTray.exe3 Error: (11/13/2013 10:29:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.2.3003.0, Zeitstempel: 0x4bd10412 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000163d5 ID des fehlerhaften Prozesses: 0x17ec Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0 Pfad der fehlerhaften Anwendung: ePowerTray.exe1 Pfad des fehlerhaften Moduls: ePowerTray.exe2 Berichtskennung: ePowerTray.exe3 Error: (11/13/2013 10:25:38 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: taskbarcpl.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9da Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000000c12f ID des fehlerhaften Prozesses: 0x1bb0 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (11/13/2013 10:25:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: taskbarcpl.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9da Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000c12f ID des fehlerhaften Prozesses: 0x1bb0 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 System errors: ============= Error: (11/14/2013 10:48:41 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/14/2013 09:42:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst 
"PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/14/2013 09:42:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/14/2013 09:42:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/14/2013 09:42:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/14/2013 09:42:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (11/14/2013 08:12:52 AM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/13/2013 10:26:03 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Microsoft Office Sessions: ========================= Error: (11/14/2013 10:51:22 PM) (Source: Application Error)(User: ) Description: ePowerTray.exe5.2.3003.04bd10412ePowerTray.exe5.2.3003.04bd10412c000000500000000000163d515b401cee183a3e07308C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exee6652ad7-4d76-11e3-931d-001e101f8924 Error: (11/14/2013 10:02:52 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (11/14/2013 10:02:15 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (11/14/2013 09:24:08 PM) (Source: Application Error)(User: ) Description: consent.exe6.1.7601.18103512d820funknown0.0.0.000000000c0000005000007ff7cd603a442c01cee17778d5a0e3C:\Windows\system32\consent.exeunknownb68b634e-4d6a-11e3-ada3-001e101f2b52 Error: (11/14/2013 09:24:05 PM) (Source: Application Error)(User: ) Description: consent.exe6.1.7601.18103512d820funknown0.0.0.000000000c0000005000007ff7cd603a4fa001cee17776d7586aC:\Windows\system32\consent.exeunknownb48bbb40-4d6a-11e3-ada3-001e101f2b52 Error: (11/14/2013 09:24:00 PM) (Source: Application Error)(User: ) Description: 
consent.exe6.1.7601.18103512d820funknown0.0.0.000000000c0000005000007ff7cd603a4189001cee17772ebb7a8C:\Windows\system32\consent.exeunknownb1d98975-4d6a-11e3-ada3-001e101f2b52 Error: (11/14/2013 08:45:39 PM) (Source: Application Error)(User: ) Description: ePowerTray.exe5.2.3003.04bd10412ePowerTray.exe5.2.3003.04bd10412c000000500000000000163d516dc01cee17217174465C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe560eae8b-4d65-11e3-ada3-001e101f2b52 Error: (11/13/2013 10:29:02 PM) (Source: Application Error)(User: ) Description: ePowerTray.exe5.2.3003.04bd10412ePowerTray.exe5.2.3003.04bd10412c000000500000000000163d517ec01cee0b75d87468cC:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe9d297f56-4caa-11e3-a80f-001e101f57d0 Error: (11/13/2013 10:25:38 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac000041d000000000000c12f1bb001cee0b6e469ae00C:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll23bb8c70-4caa-11e3-ae24-001e101fe5e1 Error: (11/13/2013 10:25:37 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac0000005000000000000c12f1bb001cee0b6e469ae00C:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll22fabcfa-4caa-11e3-ae24-001e101fe5e1 CodeIntegrity Errors: =================================== Date: 2013-09-01 11:12:58.818 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-09-01 11:12:58.537 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-09 16:42:12.838 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:42:12.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:42:12.458 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:42:12.245 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:39:15.520 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:39:04.897 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-02-09 16:39:04.737 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-09 16:39:04.527 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3766.69 MB Available physical RAM: 2179.96 MB Total Pagefile: 7531.55 MB Available Pagefile: 5305.55 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:292.1 GB) (Free:226.71 GB) NTFS Drive e: (Daten) (Fixed) (Total:290.97 GB) (Free:56.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 2C0EAF26) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=292 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=291 GB) - (Type=OF Extended) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01 Ran by ADMIN (administrator) on ACE on 15-11-2013 21:16:08 Running from C:\Users\xxxxxxx\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\xxxxxxx\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe [223264 2010-04-22] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-04-23] (Acer Incorporated) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.) HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [979344 2010-04-10] (The Eraser Project) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\runonceex: [Flags] - 8 Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) HKU\Admin\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent HKU\Admin\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Default\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Default User\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\xxxx\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager \ConnMgrLauncher.exe Silent ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.109.121.2 62.109.121.1 FireFox: ======== FF ProfilePath: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default FF NewTab: hxxp://www.google.com/ FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: 
@adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [3082640 2012-09-19] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [352256 2008-06-06] (AVerMedia) R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [409600 2008-07-14] () R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-04-23] (Acer Incorporated) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) 
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated) R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-05] (Emsi Software GmbH) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [245248 2010-01-26] (Huawei Technologies Co., Ltd.) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-15 21:14 - 2013-11-12 20:04 - 01957590 _____ (Farbar) C:\Users\xxxxxxx\Desktop\FRST64(1).exe 2013-11-14 21:48 - 2013-11-14 21:25 - 00024064 _____ C:\Windows\zoek-delete.exe 2013-11-14 21:41 - 2013-11-14 21:48 - 00000079 _____ C:\folders.log 2013-11-14 21:41 - 2013-11-14 21:48 - 00000000 ____D C:\zoek 2013-11-14 21:28 - 2013-11-14 21:48 - 00017445 _____ C:\zoek-results.log 2013-11-14 21:24 - 2013-11-14 21:46 - 00000000 ____D C:\zoek_backup 2013-11-14 08:12 - 2013-11-14 08:12 - 00000000 ____D C:\Users\xxxxxxx\Desktop\zoek 2013-11-14 08:11 - 2013-11-14 08:09 - 04038808 _____ C:\Users\xxxxxxx\Desktop\zoek.zip 2013-11-13 22:12 - 2013-11-13 22:12 - 00000989 _____ C:\Users\ADMIN.Ace\Desktop\JRT.txt 2013-11-13 21:58 - 2013-11-13 21:57 - 01034531 _____ (Thisisu) C:\Users\xxxxxxx\Desktop\JRT(1).exe 2013-11-12 21:32 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-12 21:32 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-12 21:32 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-12 21:32 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00603136 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-12 21:32 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-12 21:32 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-12 21:32 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-12 21:32 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2013-11-12 21:32 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-12 21:32 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-12 21:32 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-12 21:32 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-12 21:00 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-12 21:00 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-12 21:00 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-12 21:00 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-12 21:00 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-12 21:00 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-12 20:59 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-12 20:59 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-12 20:59 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-12 20:59 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-12 20:59 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-12 20:59 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-12 20:59 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-12 20:59 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) 
C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-12 20:59 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-12 20:59 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-12 20:59 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-12 20:59 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-12 20:59 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-12 20:59 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-12 20:59 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-12 20:59 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-12 20:59 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-12 20:59 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-12 20:59 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-12 20:59 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-12 20:59 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-12 20:59 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-12 20:59 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-12 20:59 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-12 20:21 - 2013-11-12 20:20 - 01085542 _____ C:\Users\xxxxxxx\Desktop\adwcleaner(2).exe 2013-11-12 20:10 - 2013-11-12 20:10 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk 2013-11-12 20:10 - 2013-11-12 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-12 20:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-12 20:09 - 2013-11-15 21:15 - 00026713 _____ C:\Users\xxxxxxx\Desktop\Addition.txt 2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\FRST 2013-11-10 10:50 - 2013-11-10 10:50 - 00000635 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-10 10:22 - 2013-11-10 10:22 - 00000000 ____D C:\Users\xxxxxxx\AppData\Roaming\Mobile Atlas Creator 2013-11-01 22:11 - 2013-11-01 22:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-30 22:24 - 2013-10-30 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-11-15 21:15 - 2013-11-12 20:09 - 00026713 _____ C:\Users\xxxxxxx\Desktop\Addition.txt 2013-11-15 21:09 - 2012-09-23 17:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-11-15 21:09 - 2012-09-21 08:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-15 21:09 - 2012-09-21 08:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-15 21:09 - 2012-09-16 19:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-15 21:09 - 2011-01-24 21:26 - 01426068 _____ C:\Windows\WindowsUpdate.log 2013-11-14 22:58 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-14 22:58 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-14 22:49 - 2013-01-06 00:37 - 00019792 _____ C:\Windows\PFRO.log 2013-11-14 22:49 - 2012-12-29 15:23 - 00015381 _____ C:\Windows\setupact.log 2013-11-14 22:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-14 22:48 - 2012-08-23 18:21 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-11-14 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-14 21:48 - 2013-11-14 21:41 - 00000079 _____ C:\folders.log 2013-11-14 21:48 - 2013-11-14 21:41 - 00000000 ____D C:\zoek 2013-11-14 21:48 - 2013-11-14 21:28 - 00017445 _____ C:\zoek-results.log 2013-11-14 21:46 - 2013-11-14 21:24 - 00000000 ____D C:\zoek_backup 2013-11-14 21:43 - 2011-11-11 22:50 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\CheckPoint 2013-11-14 21:25 - 2013-11-14 21:48 - 00024064 _____ C:\Windows\zoek-delete.exe 2013-11-14 08:12 - 2013-11-14 08:12 - 00000000 ____D C:\Users\xxxxxxx\Desktop\zoek 2013-11-14 08:09 - 2013-11-14 08:11 - 04038808 _____ C:\Users\xxxxxxx\Desktop\zoek.zip 2013-11-13 22:33 - 2010-07-22 22:34 - 00654852 _____ C:\Windows\system32\perfh007.dat 2013-11-13 22:33 - 2010-07-22 22:34 - 00130434 _____ C:\Windows\system32\perfc007.dat 2013-11-13 22:33 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-13 
22:12 - 2013-11-13 22:12 - 00000989 _____ C:\Users\ADMIN.Ace\Desktop\JRT.txt 2013-11-13 21:57 - 2013-11-13 21:58 - 01034531 _____ (Thisisu) C:\Users\xxxxxxx\Desktop\JRT(1).exe 2013-11-13 21:27 - 2013-09-01 10:41 - 00000000 ____D C:\AdwCleaner 2013-11-13 21:00 - 2010-10-16 12:59 - 00000000 ____D C:\Users\ADMIN.Ace 2013-11-12 21:32 - 2013-08-25 16:26 - 00000000 ____D C:\Windows\system32\MRT 2013-11-12 21:28 - 2010-10-17 13:16 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-12 20:20 - 2013-11-12 20:21 - 01085542 _____ C:\Users\xxxxxxx\Desktop\adwcleaner(2).exe 2013-11-12 20:10 - 2013-11-12 20:10 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-12 20:10 - 2013-11-12 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\FRST 2013-11-12 20:04 - 2013-11-15 21:14 - 01957590 _____ (Farbar) C:\Users\xxxxxxx\Desktop\FRST64(1).exe 2013-11-12 19:53 - 2012-09-16 20:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-10 10:50 - 2013-11-10 10:50 - 00000635 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-10 10:22 - 2013-11-10 10:22 - 00000000 ____D C:\Users\xxxxxxx\AppData\Roaming\Mobile Atlas Creator 2013-11-02 16:51 - 2010-10-16 19:24 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Macromedia 2013-11-01 22:11 - 2013-11-01 22:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-11-01 22:11 - 2013-03-09 13:20 - 00000000 ____D C:\Users\ADMIN.Ace\AppData\Roaming\DVDVideoSoft 2013-10-30 22:24 - 2013-10-30 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-30 21:08 - 2012-12-31 12:58 - 00000000 ____D C:\Users\xxxxxxx\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\xxxxxxx\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 
is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-14 22:00 ==================== End Of Log ============================ SystemLook follows... |
15.11.2013, 21:35 | #8 |
| Removing rvzr-a.akamaihd.net and get-new-java.com Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 21:23 on 15/11/2013 by ADMIN Administrator - Elevation successful ========== filefind ========== Searching for "*Plus-HD*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe.vir --a---- 756072 bytes [10:08 10/11/2013] [10:08 10/11/2013] 655A46DB3CE2CA51FFFD89505185A43C C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho.dll.vir --a---- 643944 bytes [10:08 10/11/2013] [10:08 10/11/2013] 50B7196E75B52F8F8D6CEC54CB7600EF C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll.vir --a---- 967528 bytes [10:08 10/11/2013] [10:08 10/11/2013] D62EB0403E333FB55241C448CFB5025C C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.dll.vir --a---- 418664 bytes [10:08 10/11/2013] [10:08 10/11/2013] 518D6C656610D48B64467F0A42A7D741 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.exe.vir --a---- 348008 bytes [10:08 10/11/2013] [10:08 10/11/2013] 6957A5530C40BFABE07700573A3688E4 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.dll.vir --a---- 509800 bytes [10:08 10/11/2013] [10:08 10/11/2013] 9730CD7E397AEC511DB37360329C1990 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.exe.vir --a---- 455016 bytes [10:08 10/11/2013] [10:08 10/11/2013] D589443FB8D782EEA138FC1263C973DE C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe.vir --a---- 499048 bytes [10:08 10/11/2013] [10:08 10/11/2013] 6C7A83943EB7C396E05697B5F56FDBBB C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe.vir --a---- 360296 bytes [10:08 10/11/2013] [10:08 10/11/2013] C3FF3E5C597B142E9F7DDDBA26C93DBE C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe.vir --a---- 736616 bytes [10:08 10/11/2013] [10:08 10/11/2013] 5C53659A09A7694668DEB300238585BD 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-helper.exe.vir --a---- 323432 bytes [10:08 10/11/2013] [10:08 10/11/2013] 87E824CC7AA51DFB55C7D01B5D55CF8A C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe.vir --a---- 371560 bytes [10:08 10/11/2013] [10:08 10/11/2013] 627F8078BDCE778F295503FECC68C293 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8.ico.vir --a---- 9662 bytes [08:27 25/10/2013] [08:27 25/10/2013] 739B67DAC0C716F3DA123622BACAB424 C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\Plus-HD-3.8-codedownloader.vir --a---- 4228 bytes [10:08 10/11/2013] [10:08 10/11/2013] 8B84DCBFB1DDD016A0926268A7402C4D C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\Plus-HD-3.8-enabler.vir --a---- 4128 bytes [10:08 10/11/2013] [10:08 10/11/2013] 2AF02AE6B60F5588A9A56D978E405E3F C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\Plus-HD-3.8-firefoxinstaller.vir --a---- 4860 bytes [10:08 10/11/2013] [10:08 10/11/2013] B61400D8336032C442707D8DBA49D883 C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\Plus-HD-3.8-updater.vir --a---- 4326 bytes [10:08 10/11/2013] [10:08 10/11/2013] C419D75CF453FAA97B00083D969EB81B C:\AdwCleaner\Quarantine\C\Windows\Tasks\Plus-HD-3.8-codedownloader.job.vir --a---- 1198 bytes [10:08 10/11/2013] [19:42 13/11/2013] 7976B1BC8B1C0C2F5B62E9AD2B7A67BC C:\AdwCleaner\Quarantine\C\Windows\Tasks\Plus-HD-3.8-enabler.job.vir --a---- 1098 bytes [10:08 10/11/2013] [19:42 13/11/2013] E68546749521F5221BA97C8B4F4F976C C:\AdwCleaner\Quarantine\C\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job.vir --a---- 1830 bytes [10:08 10/11/2013] [19:42 13/11/2013] D8FD9AED0033D06AE5EE975ECE2F5BC4 C:\AdwCleaner\Quarantine\C\Windows\Tasks\Plus-HD-3.8-updater.job.vir --a---- 1296 bytes [10:08 10/11/2013] [19:42 13/11/2013] C4708A8B2AD3AB0FE11C32DA9D96C623 Searching for "*Crossrider*" 
C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_xke09otc.default-1359736880158_extensions_c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\13_CrossriderAppUtils.js --a---- 7056 bytes [20:46 14/11/2013] [17:49 05/11/2013] 5C624086605726A12BFEC9C83F5E0CF2 C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_xke09otc.default-1359736880158_extensions_c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\14_CrossriderUtils.js --a---- 12369 bytes [20:46 14/11/2013] [17:49 05/11/2013] 56E07DB48844B5EB4DD57F053D87A38D C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_xke09otc.default-1359736880158_extensions_c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\78_CrossriderInfo.js --a---- 2234 bytes [20:46 14/11/2013] [17:49 05/11/2013] AFC19F46F2798D47DCE5568D444A571A C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_xke09otc.default-1359736880158_extensions_c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\crossrider_statusbar.png --a---- 1361 bytes [20:46 14/11/2013] [17:49 05/11/2013] 8B1EB9CB80417EC0022D278A44AB1DC7 C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_xke09otc.default-1359736880158_extensions_c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\crossrider_statusbar.png --a---- 1361 bytes [20:46 14/11/2013] [17:49 05/11/2013] 8B1EB9CB80417EC0022D278A44AB1DC7 Searching for "*Iminent*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.AxImp.dll.vir --a---- 193584 bytes [07:28 29/10/2013] [07:28 29/10/2013] D5BE5DA223E035F12BD95291D56B56CB C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Booster.UI.dll.vir --a---- 587312 bytes [07:28 29/10/2013] [07:28 29/10/2013] 360EECDD6D195DB59A5833CDA1C6D8C3 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Business.Connect.dll.vir --a---- 39472 bytes [07:28 29/10/2013] [07:28 29/10/2013] 3F63CB14E9E9D64DA474ACCDDA8972AE C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Business.dll.vir --a---- 171056 bytes [07:28 29/10/2013] [07:28 29/10/2013] EAAC9FD8C6E5DA4CD603C557519E5FAA C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Business.tlb.vir --a---- 8340 bytes [09:50 10/11/2013] [09:50 10/11/2013] 02B439B29BD171483556C62590166688 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Entity.dll.vir --a---- 19504 bytes [07:28 29/10/2013] [07:28 29/10/2013] CDC19C35BE8E7731889276EE35795FAF C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.exe.config.vir --a---- 2160 bytes [08:57 14/12/2012] [08:57 14/12/2012] E0DCCD0CC3808594C49AADF131247227 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.exe.vir --a---- 1074736 bytes [07:28 29/10/2013] [07:28 29/10/2013] 5A5BF32182D3EDB94C186320F1BEF6B0 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.InstallLog.vir --a---- 501 bytes [09:50 10/11/2013] [09:50 10/11/2013] 85C7F35619D643BFF4ADFF6D68C55AD1 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.InstallState.vir --a---- 5126 bytes [09:50 10/11/2013] [09:50 10/11/2013] 616753ACC693E461BF66E2CCEA63AAB2 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll.vir --a---- 6321712 bytes [07:28 29/10/2013] [07:28 29/10/2013] 3ACEC3FD757D3EC98F2AC2C36B63A72F C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Mediator.dll.vir --a---- 118320 bytes [07:28 29/10/2013] [07:28 29/10/2013] 41307BA171D0B32CC05EF3405810E848 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Mediator.tlb.vir --a---- 40216 bytes [09:50 10/11/2013] [09:50 10/11/2013] C80B6E286A506F0AE0C4E208DE15D8D8 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Messengers.exe.config.vir --a---- 1768 bytes 
[08:57 14/12/2012] [08:57 14/12/2012] 5FD11EE850F7BE3B8AC1352831561BEC C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Messengers.exe.vir --a---- 884784 bytes [07:28 29/10/2013] [07:28 29/10/2013] 400AE6BC137AEA1C25657701F5078C30 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Services.dll.vir --a---- 1523760 bytes [07:28 29/10/2013] [07:28 29/10/2013] 6BBB5A1C28FCB8666619104BD05E90DE C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll.vir --a---- 299600 bytes [09:50 10/11/2013] [11:48 07/11/2013] 8F6A0DC0F02F5A9471611400217E8835 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.dll.vir --a---- 47664 bytes [07:28 29/10/2013] [07:28 29/10/2013] 4D66DF0074B40E24D4F9F17A95A330DF C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll.vir --a---- 39984 bytes [07:28 29/10/2013] [07:28 29/10/2013] 7605F007D6ADC4F5C607B68877773A96 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll.vir --a---- 2141744 bytes [07:28 29/10/2013] [07:28 29/10/2013] 8494BC6135ACB61D19A5C37F73A24F16 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll.vir --a---- 152112 bytes [07:28 29/10/2013] [07:28 29/10/2013] A0D518C5A9A49D7D902079D657472C14 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Windows.dll.vir --a---- 134704 bytes [07:28 29/10/2013] [07:28 29/10/2013] 96C566BA64C078BD455EEF0C8A75B466 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Workflow.dll.vir --a---- 204336 bytes [07:28 29/10/2013] [07:28 29/10/2013] 606BF7E364B182B5625C7028FC16CDF4 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Booster.UI.resources.dll.vir --a---- 5632 bytes [07:26 29/10/2013] [07:26 29/10/2013] 8BDA874BD84D3C1A048B1CF45450D9F2 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [07:25 29/10/2013] [07:25 
29/10/2013] D588433FA082C4DCD6F70E62685A631C C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Messengers.resources.dll.vir --a---- 5632 bytes [07:26 29/10/2013] [07:26 29/10/2013] 0A85AEFA66ACCA4311125414A37E96B5 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.resources.dll.vir --a---- 4608 bytes [07:26 29/10/2013] [07:26 29/10/2013] 091C68E3E66C70C832D0AB5F6BC1F528 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Services.resources.dll.vir --a---- 7168 bytes [07:26 29/10/2013] [07:26 29/10/2013] 43E2169F8E83735937927F747285D00A C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\en\Iminent.Booster.UI.resources.dll.vir --a---- 11264 bytes [07:26 29/10/2013] [07:26 29/10/2013] B636DED29C14CB6645970EFF9D2952EB C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [07:25 29/10/2013] [07:25 29/10/2013] 03116DDFB25ECD7F60C4DFD18AC60FEC C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\en\Iminent.Messengers.resources.dll.vir --a---- 6144 bytes [07:26 29/10/2013] [07:26 29/10/2013] E023D057A621003476F39800A225E1DA C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\en\Iminent.resources.dll.vir --a---- 4608 bytes [07:26 29/10/2013] [07:26 29/10/2013] CE894224511F913CBB6BC2225B9558AC C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\en\Iminent.Services.resources.dll.vir --a---- 6656 bytes [07:26 29/10/2013] [07:26 29/10/2013] 49CE89E287555A1AFB1AEAF34F086E4F C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\es\Iminent.Booster.UI.resources.dll.vir --a---- 11264 bytes [07:26 29/10/2013] [07:26 29/10/2013] 53A05390F1D7B053C85D4F122AC60C54 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\es\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [07:25 29/10/2013] [07:25 29/10/2013] 10AE2EBFED90C2FAA003E2E879F74FA9 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\es\Iminent.Messengers.resources.dll.vir --a---- 6144 bytes 
[07:26 29/10/2013] [07:26 29/10/2013] 704A4533F6A5A1CF5AF1DB4EA6755316 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\es\Iminent.resources.dll.vir --a---- 4608 bytes [07:26 29/10/2013] [07:26 29/10/2013] EB3FFE00EFC05612E26251B859D52EBD C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\es\Iminent.Services.resources.dll.vir --a---- 6144 bytes [07:26 29/10/2013] [07:26 29/10/2013] 559BA45EC5E18A90257CE75F6D2E63CA C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\fr\Iminent.Booster.UI.resources.dll.vir --a---- 11776 bytes [07:26 29/10/2013] [07:26 29/10/2013] 205622AC894C261501772443A8943989 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\fr\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [07:25 29/10/2013] [07:25 29/10/2013] 6807D1D3DECCA24D80AF78283F4AA027 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\fr\Iminent.Messengers.resources.dll.vir --a---- 6144 bytes [07:26 29/10/2013] [07:26 29/10/2013] CE5B81FD5AD6951F454C70729D77B1B3 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\fr\Iminent.resources.dll.vir --a---- 4608 bytes [07:26 29/10/2013] [07:26 29/10/2013] 80AF8D7703D5930BADB29BE682B41ABC C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\fr\Iminent.Services.resources.dll.vir --a---- 7168 bytes [07:26 29/10/2013] [07:26 29/10/2013] 0631C572E48503B1F0E7F015D59CA4C5 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\it\Iminent.Booster.UI.resources.dll.vir --a---- 11776 bytes [07:26 29/10/2013] [07:26 29/10/2013] 26F97933B0C14803820364AA9A237EF7 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\it\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [07:25 29/10/2013] [07:25 29/10/2013] 48AF24AF5B658D36FE6FA8B81DA28E3A C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\it\Iminent.Messengers.resources.dll.vir --a---- 6144 bytes [07:26 29/10/2013] [07:26 29/10/2013] CAEDEAE4FD9B050A2636C74629823FC3 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\it\Iminent.resources.dll.vir 
--a---- 4608 bytes [07:26 29/10/2013] [07:26 29/10/2013] C6623488AACBC8E4B639FA91EF411293 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll.vir --a---- 6656 bytes [07:26 29/10/2013] [07:26 29/10/2013] FE11A60FE0E8EFFDED2B2E59CFBC4A30 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\ro\Iminent.Booster.UI.resources.dll.vir --a---- 11264 bytes [07:26 29/10/2013] [07:26 29/10/2013] 53608AAA407044110B765580513D806C C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\ro\Iminent.Messengers.resources.dll.vir --a---- 5632 bytes [07:26 29/10/2013] [07:26 29/10/2013] F3585B1A229855C8F8F5D1B192DA1F2B C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\ro\Iminent.Services.resources.dll.vir --a---- 6656 bytes [07:26 29/10/2013] [07:26 29/10/2013] 8B8DCC782E71F71130F1A00CF7D88140 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\tr\Iminent.Booster.UI.resources.dll.vir --a---- 12288 bytes [07:26 29/10/2013] [07:26 29/10/2013] 562C53926604CBBAFBD4C6D6DFF678EC C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\tr\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [07:25 29/10/2013] [07:25 29/10/2013] 3024589AEF6932EBEE2DA7632D3D773E C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\tr\Iminent.Messengers.resources.dll.vir --a---- 6144 bytes [07:26 29/10/2013] [07:26 29/10/2013] 70A1D71836DA774DDF0465AD48A9E490 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\tr\Iminent.resources.dll.vir --a---- 4608 bytes [07:26 29/10/2013] [07:26 29/10/2013] B3E9D21D9BCC32358DB80946CA3A0F02 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\tr\Iminent.Services.resources.dll.vir --a---- 7168 bytes [07:26 29/10/2013] [07:26 29/10/2013] 762E4D392867AFA3BDCF70B74CFB82F3 C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Iminent.lnk.vir --a---- 1132 bytes [09:50 10/11/2013] [09:50 10/11/2013] 3DCEF01E1F8E7CB3F3C06AFB78E945E1 C:\Users\xxxxxxx\AppData\Local\Mozilla 
Firefox\defaults\pref\all-iminent.js --a---- 444 bytes [09:50 10/11/2013] [09:50 10/11/2013] 79A59D029AC69ED2993F7208E02D91BB C:\zoek_backup\C_Users_ADMIN.Ace_AppData_Roaming_Mozilla_Firefox_Profiles_wvfcx3wu.default_extensions_webbooster@iminent.com.xpi.vir --a---- 609057 bytes [20:43 14/11/2013] [14:25 24/10/2013] 646D6A18048D4D8B02EFAD0BCF23EB5B C:\zoek_backup\C_Users_xxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_r6n9rara.default_extensions_webbooster@iminent.com.xpi.vir --a---- 609057 bytes [20:43 14/11/2013] [14:25 24/10/2013] 646D6A18048D4D8B02EFAD0BCF23EB5B C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Mozilla_Firefox_Profiles_xke09otc.default-1359736880158_extensions_webbooster@iminent.com.xpi.vir --a---- 609057 bytes [20:43 14/11/2013] [14:25 24/10/2013] 646D6A18048D4D8B02EFAD0BCF23EB5B Searching for "*WinSecurity*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinSecurity\winsecurity.crx.vir --a---- 6068 bytes [11:19 27/08/2013] [11:19 27/08/2013] 4C83872E12A4A297C741C00E3FB61A36 C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinSecurity\winsecurity.dll.vir --a---- 196096 bytes [11:25 27/08/2013] [11:25 27/08/2013] 1DBFBDA1B7787B2A58A9BD5F0463A99C C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinSecurity\winsecurity.xpi.vir --a---- 7429 bytes [11:21 27/08/2013] [11:21 27/08/2013] 631EE562CE095F26D762802DC1419A9E C:\Users\ADMIN.Ace\AppData\LocalLow\GutscheinCodes\winsecurity.crx --a---- 6068 bytes [09:49 10/11/2013] [11:19 27/08/2013] 4C83872E12A4A297C741C00E3FB61A36 C:\Users\ADMIN.Ace\AppData\LocalLow\GutscheinCodes\winsecurity.dll --a---- 196096 bytes [09:49 10/11/2013] [11:25 27/08/2013] 1DBFBDA1B7787B2A58A9BD5F0463A99C C:\Users\ADMIN.Ace\AppData\LocalLow\GutscheinCodes\winsecurity.xpi --a---- 7429 bytes [09:49 10/11/2013] [11:21 27/08/2013] 631EE562CE095F26D762802DC1419A9E ========== folderfind ========== Searching for "*Plus-HD*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8 d------ [20:27 13/11/2013] Searching for "*Crossrider*" No 
folders found. Searching for "*Iminent*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent d------ [20:27 13/11/2013] C:\AdwCleaner\Quarantine\C\ProgramData\Iminent d------ [20:27 13/11/2013] C:\AdwCleaner\Quarantine\C\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com d------ [20:27 13/11/2013] C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent d------ [20:27 13/11/2013] C:\zoek_backup\C_Users_xxxxxxx_AppData_Roaming_Iminent d-a---- [20:43 14/11/2013] Searching for "*WinSecurity*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinSecurity d------ [20:27 13/11/2013] ========== regfind ========== Searching for "Plus-HD" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A75B953-305D-4FC9-A9EA-C6F01B12213D}] "Path"="\Plus-HD-3.8-enabler" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4042995-122D-4EB5-917E-ABC9C02EF3BC}] "Path"="\Plus-HD-3.8-updater" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9960E50-26E4-4262-B288-8C2BC5634643}] "Path"="\Plus-HD-3.8-firefoxinstaller" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3872ED0-9073-42F7-9D13-6BE93CA71089}] "Path"="\Plus-HD-3.8-codedownloader" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater] 
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-3.8] [HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8] [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8] [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Code] "AppJavaScript"=" /************************************************************************************ This is your Page Code. The appAPI.ready() code block will be executed on every page load. For more information please visit our docs site: hxxp://docs.crossrider.com *************************************************************************************/ appAPI.ready(function($) { //alert(appAPI.isMatchPages("*youtube*")); //alert(appAPI.isMatchPages("*watch*")); //alert(appAPI.isMatchPages("*hd=1*")) if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) { //alert(window.location); window.location = window.location + "&hd=1" //alert(window.location); }; if (!appAPI.db.get('iframe-exists')) {$('<iframe id="extn-iframe-' + appAPI.appInfo.id + '" url="https://www.plus-hd.com/gcp/?appid=' +appAPI.appInfo.id + '" width= [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Manifest] "Name"="Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\InstalledBrowserExtensions\Plus HD] "39030"="Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AB51B52-5A2F-4F89-A735-69DE6EAF7C31}] "AppName"="Plus-HD-3.8-enabler.exe-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AB51B52-5A2F-4F89-A735-69DE6EAF7C31}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{556B2357-495B-4B16-9F0-149BA655E33A}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{556B2357-495B-4B16-9F0-149BA655E33A}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5612A4DD-F89E-420E-84E6-41823F983F91}] "AppName"="Plus-HD-3.8-enabler.exe-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5612A4DD-F89E-420E-84E6-41823F983F91}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6432E1BB-31B1-42F7-8A6F-A28DED9FDC7F}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6432E1BB-31B1-42F7-8A6F-A28DED9FDC7F}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67096638-10F9-4C9A-83D9-F6BFDC2E397}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67096638-10F9-4C9A-83D9-F6BFDC2E397}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80}] "AppName"="Plus-HD-3.8-bg.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{765f7a84-216d-479c-888f-7ea3b1956e80}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C436C4D-5793-4DFA-BAA8-C9AAB21AC5D1}] "AppName"="Plus-HD-3.8-enabler.exe-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C436C4D-5793-4DFA-BAA8-C9AAB21AC5D1}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81745B8E-D7BC-4D5F-8049-FD934F73EE8D}] "AppName"="Plus-HD-3.8-enabler.exe-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81745B8E-D7BC-4D5F-8049-FD934F73EE8D}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CC4C229-39D0-4D04-8E4A-5FABDBBB4881}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CC4C229-39D0-4D04-8E4A-5FABDBBB4881}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93A50C4A-BA67-4338-B4CD-14271D10B71E}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93A50C4A-BA67-4338-B4CD-14271D10B71E}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A4DEE58-FBE9-47A1-AB2E-77032D0DC47}] 
"AppName"="Plus-HD-3.8-enabler.exe-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A4DEE58-FBE9-47A1-AB2E-77032D0DC47}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68}] "AppName"="Plus-HD-3.8-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a52849d-c74e-427e-b9b3-cf666bc8fa68}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ACA2D61-66EF-4C51-B88F-CD9FA41A754E}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ACA2D61-66EF-4C51-B88F-CD9FA41A754E}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DE46A49-E912-4BA7-B89E-8261438539DC}] "AppName"="Plus-HD-3.8-enabler.exe-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DE46A49-E912-4BA7-B89E-8261438539DC}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A393CB72-8CD0-4917-9021-26AC1664B6B}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A393CB72-8CD0-4917-9021-26AC1664B6B}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9}] "AppName"="Plus-HD-3.8-buttonutil.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7ccb5cf-d73e-41d9-96ea-9b2b736855b9}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB357DB7-8572-418A-B4E6-BED1870A7A6}] "AppName"="Plus-HD-3.8-enabler.exe-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB357DB7-8572-418A-B4E6-BED1870A7A6}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACBE0B8A-A140-4DA0-BD90-F2644770E5AF}] "AppName"="Plus-HD-3.8-enabler.exe-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACBE0B8A-A140-4DA0-BD90-F2644770E5AF}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDB0137-9B19-4340-92AF-E397B7B66BB}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDB0137-9B19-4340-92AF-E397B7B66BB}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B01AD52-375C-49AD-822-A84B17DA53}] "AppName"="Plus-HD-3.8-enabler.exe-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{B01AD52-375C-49AD-822-A84B17DA53}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1}] "AppName"="Plus-HD-3.8-buttonutil64.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b7a39e3f-642a-49fe-8637-2bbee2b0f0c1}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBBA4F7C-E0A2-4003-A951-4B507630D58}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBBA4F7C-E0A2-4003-A951-4B507630D58}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d}] "AppName"="Plus-HD-3.8-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc6fdc20-f9b4-409f-bd87-3901094c686d}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D28D3610-3A5B-4980-BCB0-EBCF06D6D1}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D28D3610-3A5B-4980-BCB0-EBCF06D6D1}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D79BC374-1981-48FE-9EF8-2E2077537030}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil.exe" 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D79BC374-1981-48FE-9EF8-2E2077537030}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8A08A88-DAFA-4508-94C2-28BFCCE9A480}] "AppName"="Plus-HD-3.8-enabler.exe-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8A08A88-DAFA-4508-94C2-28BFCCE9A480}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF1B04B2-43E3-4E9E-B8ED-FA226CBCCC28}] "AppName"="Plus-HD-3.8-enabler.exe-buttonutil.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF1B04B2-43E3-4E9E-B8ED-FA226CBCCC28}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F448A9D9-240D-409F-AC9-BA16CEC72AE}] "AppName"="Plus-HD-3.8-enabler.exe-codedownloader.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F448A9D9-240D-409F-AC9-BA16CEC72AE}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF18A848-5744-45A2-90DA-D24256D750C7}] "AppName"="Plus-HD-3.8-enabler.exe-helper.exe" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF18A848-5744-45A2-90DA-D24256D750C7}] "AppPath"="C:\Program Files (x86)\Plus-HD-3.8" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8] [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1003_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8] [HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Plus-HD-3.8] [HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8] Searching for "Crossrider" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Crossrider] [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Code] "AppJavaScript"=" /************************************************************************************ This is your Page Code. The appAPI.ready() code block will be executed on every page load. For more information please visit our docs site: hxxp://docs.crossrider.com *************************************************************************************/ appAPI.ready(function($) { //alert(appAPI.isMatchPages("*youtube*")); //alert(appAPI.isMatchPages("*watch*")); //alert(appAPI.isMatchPages("*hd=1*")) if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) { //alert(window.location); window.location = window.location + "&hd=1" //alert(window.location); }; if (!appAPI.db.get('iframe-exists')) {$('<iframe id="extn-iframe-' + appAPI.appInfo.id + '" url="https://www.plus-hd.com/gcp/?appid=' +appAPI.appInfo.id + '" width= [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Code] "BgJavaScript"=" /************************************************************************************ This is your background code. 
For more information please visit our wiki site: hxxp://docs.crossrider.com/#!/guide/background_scope *************************************************************************************/ appAPI.ready(function($) { // Place your code here (ideal for handling browser button, global timers, etc.) }); " [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Installer] "CodeDownloadDomain"="hxxp://app-static.crossrider.com" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Installer] "Domain"="hxxp://app-static.crossrider.com" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1] "JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging: [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1] "Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\101] 
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102] "JavaScript"="if (typeof appAPI.internal.monetization === "undefined") { appAPI.internal.monetization = {}; } if (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI.internal.monetization.plugins = {}; } appAPI.internal.monetization.plugins[102] = function() { if (typeof appAPI.internal.monetization.verticals !== "undefined") { if (!appAPI.internal.monetization.verticals.shopping){ return; } } function getHardId() { try { var userId = "fcrdr" + appAPI.getCrossriderID(); return userId; } catch(e) { return ""; } } function getChannelName() { var appId = "def"; try { appId = appAPI.internal.monetization.getSubId(); } catch(e) { appId = "def"; } try { return "crdr_" + appId; } catch(e) { return "crdr_def"; [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\103] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\105] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\108] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js" 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\116] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\117] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119] "JavaScript"="if (typeof appAPI.internal.monetization === "undefined") { appAPI.internal.monetization = {}; } if (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI.internal.monetization.plugins = {}; } appAPI.internal.monetization.plugins[119] = function() { (function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.href.repl [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120] "JavaScript"="if (typeof appAPI.internal.monetization === "undefined") { appAPI.internal.monetization = {}; } if (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI.internal.monetization.plugins = {}; } 
appAPI.internal.monetization.plugins[120] = function() { function injectScript(geo) { var prot = window.location.protocol; var inject_url = prot + '//cdn.ch-feed.com'; var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net'; var base_url = inject_url; if(prot == 'https:') { base_url = inject_urls; } appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID()); } var geo = appAPI.db.get("geo"); if (!geo) { appAPI.request.get("hxxp://ipgeoapi.com/", function(res) { if (res) { var res = [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123] "JavaScript"="if (typeof appAPI.internal.monetization === "undefined") { appAPI.internal.monetization = {}; } if (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI.internal.monetization.plugins = {}; } appAPI.internal.monetization.plugins[123] = function() { if (typeof appAPI.internal.monetization.verticals !== "undefined") { if (!appAPI.internal.monetization.verticals.intext){ return; } } // boris don't want it on youtube for shop helper if (appAPI.appID == 33256 && location.href.indexOf("youtube.com") !== -1) { return; } if (!(/^https\:\/\//.test(document.location.href))) { appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=6&linkcolor=009900"); } };" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js" 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\124] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\125] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\126] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\127] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\128] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\129] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13] "Name"="CrossriderAppUtils" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13] "Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\135] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi3_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138] "JavaScript"="if (typeof appAPI.internal.monetization === "undefined") { appAPI.internal.monetization = 
{}; } if (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI.internal.monetization.plugins = {}; } appAPI.internal.monetization.plugins[138] = function() { if (typeof appAPI.internal.monetization.verticals !== "undefined") { if (!appAPI.internal.monetization.verticals.shopping){ return; } } function injectScript(geo) { var prot = window.location.protocol; var inject_url = prot + '//cdn.ch-feed.com'; var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net'; var base_url = inject_url; if(prot == 'https:') { base_url = inject_urls; } appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=getdeal&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '& [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/getdeal_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14] "Name"="CrossriderUtils" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14] "Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\141] "Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/corticas_ru_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\142] "Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/intext_fa_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ibario_pops_m.js" 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\158] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/50onred_ads_only_no_fb_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\159] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_rollover_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\17] "Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\170] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm1_5_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\171] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_sourceID_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\174] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_serp_dynamic_id_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\175] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coolmirage_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\178] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_dynamic_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\179] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_dynamic_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\2] 
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21] "JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h(document).ready(function(){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debu [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21] "Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22] "JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var 
B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},x=new z.Deferred(),h=K("meta")||{},D=K("remote_resources")||{remoteId:0},e=K("queue")||{},g=initialVersion=K("la [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22] "Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28] "JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}e("body").bindExtensionEvent("__CR_REQUEST_READY",a);});},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28] "Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\3] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\35] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36] "JavaScript"="if(typeof 
appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.internal.scope=Consts.SCOPE.BACKGROUND;appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a;if(typeof c==="object"){a=c;}else{a={url:c,where:b};}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){a=(a===null?"null":a);a=(typeof a==="undefined"?"undefined":a);appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"wi [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37] "JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(b){if(appAPI.isActiveTab()){var a={url:b.url,where:b.where,focus:(typeof b.focus==="boolean"?b.focus:true),height:(typeof b.height==="number"?b.height:750),width:(typeof 
b.width==="number"?b.width:750),top:(typeof b.top==="number"?b.top:100),left:(typeof b.left==="number"?b.left:100)}; [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38] "JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.inte [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\39] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\4] "Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\40] 
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41] "JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");a [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\42] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\43] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\44] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45] "JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof 
appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditional [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\46] "Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47] "JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return 
appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47] "Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\64] "Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\7] "Url"="hxxp://app-static.crossrider.com/plugins/mins/hooks.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\72] "Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78] "Name"="CrossriderInfo" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78] "Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87] "JavaScript"="var CROSSRIDER_PLATFORM=true;var 
JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(k [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87] "Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\9] "Url"="hxxp://app-static.crossrider.com/plugins/mins/searchengines_hook.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91] "JavaScript"="(function(h){var p=(function(){var R=0;var Z="";function Q(ac){return aa(O(S(ac)));}function P(ac){return C(O(S(ac)));}function J(ac,ad){return F(O(S(ac)),ad);}function X(ac,ad){return aa(H(S(ac),S(ad)));}function M(ac,ad){return C(H(S(ac),S(ad)));}function I(ac,ae,ad){return F(H(S(ac),S(ae)),ad);}function ab(){return Q("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function O(ac){return V(G(N(ac),ac.length*8));}function H(ae,ah){var ag=N(ae);if(ag.length>16){ag=G(ag,ae.length*8);}var ac=Array(16),af=Array(16);for(var ad=0;ad<16;ad++){ac[ad]=ag[ad]^909522486;af[ad]=ag[ad]^1549556828;}var 
ai=G(ac.concat(N(ah)),512+ah.length*8);return V(G(af.concat(ai),512+128));}function aa(ae){if(typeof R==="undefined"){R=0;}var ag=R?"0123456789ABCDEF":"0123456789abcdef";var ad="";var ac;for(var af=0;af<ae.length;af++){ac=ae.charCodeAt(af);ad+=ag.charAt((ac>>>4)&15)+ag.charAt(ac&15);}return [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91] "Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92] "JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92] "Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\93] "Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js" [HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94] "JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.internal.scope=Consts.SCOPE.POPUP;appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F2D76071-3580-477E-9B13-B543A4166D9A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C7440FE2-DA8C-4894-B61C-73A35EE977DB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Iminent]

Searching for "WinSecurity"
No data found.

-= EOF =-

I have not noticed the annoying ad pop-ups (in particular rvzr-a.akamaihd.net and get-new-java.com) any more, although I have not done all that much with the machine either. It also seems to be faster again. With FF nothing worked at all any more! It was real work just to post the log files here because the thing was so slow. |
15.11.2013, 21:52 | #9 |
/// TB-Ausbilder | Removing rvzr-a.akamaihd.net and get-new-java.com

Hi,

We will remove the last remnants and check everything once more. ESET can take a long time (> 2 h). After that we will clean up, and I will give you a few tips to take with you.

Replace the xxxxx in step 1 with the correct name, otherwise the fix will not work!

Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
start
Task: {5A75B953-305D-4FC9-A9EA-C6F01B12213D} - \Plus-HD-3.8-enabler No Task File
Task: {C4042995-122D-4EB5-917E-ABC9C02EF3BC} - \Plus-HD-3.8-updater No Task File
Task: {D9960E50-26E4-4262-B288-8C2BC5634643} - \Plus-HD-3.8-firefoxinstaller No Task File
Task: {F3872ED0-9073-42F7-9D13-6BE93CA71089} - \Plus-HD-3.8-codedownloader No Task File
C:\Users\xxxxxxx\AppData\Local\Mozilla Firefox\defaults\pref\all-iminent.js
C:\Users\ADMIN.Ace\AppData\LocalLow\GutscheinCodes
Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8" /f
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-3.8" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {F2D76071-3580-477E-9B13-B543A4166D9A} /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {C7440FE2-DA8C-4894-B61C-73A35EE977DB} /f
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
19.11.2013, 18:15 | #10 |
/// TB-Ausbilder | Removing rvzr-a.akamaihd.net and get-new-java.com

No response

This thread has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else: please click here and create your own thread! |
23.11.2013, 11:57 | #11 |
| Removing rvzr-a.akamaihd.net and get-new-java.com

Here is the Fixlog for a start:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2013
Ran by ADMIN at 2013-11-23 11:38:43 Run:1
Running from C:\Users\xxxxxxx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {5A75B953-305D-4FC9-A9EA-C6F01B12213D} - \Plus-HD-3.8-enabler No Task File
Task: {C4042995-122D-4EB5-917E-ABC9C02EF3BC} - \Plus-HD-3.8-updater No Task File
Task: {D9960E50-26E4-4262-B288-8C2BC5634643} - \Plus-HD-3.8-firefoxinstaller No Task File
Task: {F3872ED0-9073-42F7-9D13-6BE93CA71089} - \Plus-HD-3.8-codedownloader No Task File
C:\Users\xxxxxxx\AppData\Local\Mozilla Firefox\defaults\pref\all-iminent.js
C:\Users\ADMIN.Ace\AppData\LocalLow\GutscheinCodes
Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8" /f
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-3.8" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {F2D76071-3580-477E-9B13-B543A4166D9A} /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {C7440FE2-DA8C-4894-B61C-73A35EE977DB} /f
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A75B953-305D-4FC9-A9EA-C6F01B12213D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A75B953-305D-4FC9-A9EA-C6F01B12213D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4042995-122D-4EB5-917E-ABC9C02EF3BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4042995-122D-4EB5-917E-ABC9C02EF3BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9960E50-26E4-4262-B288-8C2BC5634643} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9960E50-26E4-4262-B288-8C2BC5634643} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3872ED0-9073-42F7-9D13-6BE93CA71089} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3872ED0-9073-42F7-9D13-6BE93CA71089} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader => Key deleted successfully.
C:\Users\xxxxxxx\AppData\Local\Mozilla Firefox\defaults\pref\all-iminent.js => Moved successfully.
C:\Users\ADMIN.Ace\AppData\LocalLow\GutscheinCodes => Moved successfully.

========= reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Plus-HD-3.8" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-3.8" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {F2D76071-3580-477E-9B13-B543A4166D9A} /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {C7440FE2-DA8C-4894-B61C-73A35EE977DB} /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

==== End of Fixlog ====

Here comes Hitman:
Code:
ATTFilter
|
23.11.2013, 12:43 | #12 |
/// TB-Ausbilder | Removing rvzr-a.akamaihd.net and get-new-java.com |
23.11.2013, 22:45 | #13 |
| Removing rvzr-a.akamaihd.net and get-new-java.com

Eset:
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-08 07:20:46 # local_time=2012-08-08 09:20:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 23323511 23323511 0 0 # compatibility_mode=5893 16776638 100 94 23160111 96082883 0 0 # compatibility_mode=8192 67108863 100 0 284 284 0 0 # scanned=2781 # found=0 # cleaned=0 # scan_time=613 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-09 06:04:54 # local_time=2012-08-09 08:04:54 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 23357461 23357461 0 0 # compatibility_mode=5893 16776638 100 94 23194061 96116833 0 0 # compatibility_mode=8192 67108863 100 0 34234 34234 0 0 # scanned=194888 # found=9 # cleaned=9 # scan_time=5310 C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 
00000000000000000000000000000000 C C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\ADMIN.Ace\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\ADMIN.Ace\Downloads\SoftonicDownloader_fuer_netmeter.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Downloads\SoftonicDownloader_fuer_fairstars-cd-ripper.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Downloads\SoftonicDownloader_fuer_hydrogen.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Downloads\SoftonicDownloader_fuer_netmeter.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Downloads\SoftonicDownloader_fuer_ordrumbox.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-09 10:01:31 # local_time=2012-08-10 12:01:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 23415217 23415217 0 0 # compatibility_mode=5893 16776638 100 94 23251817 96174589 0 0 # compatibility_mode=8192 67108863 100 0 91990 91990 0 0 # scanned=194982 # 
found=0 # cleaned=0 # scan_time=4952 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-26 05:05:36 # local_time=2012-08-26 07:05:36 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 24828001 24828001 0 0 # compatibility_mode=5893 16776637 100 94 64870 97587373 0 0 # compatibility_mode=8192 67108863 100 0 1504774 1504774 0 0 # scanned=13 # found=0 # cleaned=0 # scan_time=12 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-26 06:15:13 # local_time=2012-08-26 08:15:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 24828098 24828098 0 0 # compatibility_mode=5893 16776637 100 94 64967 97587470 0 0 # compatibility_mode=8192 67108863 100 0 1504871 1504871 0 0 # scanned=196947 # found=2 # cleaned=2 # scan_time=4093 C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 
00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # engine=14998 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-03 09:49:13 # local_time=2013-09-03 11:49:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 85 91 4685599 154954825 0 0 # compatibility_mode=5893 16776637 100 94 19631 129874803 0 0 # scanned=219183 # found=1 # cleaned=0 # scan_time=15228 sh=58181F926788568394A7D4011629FE6F1DB25CA3 ft=1 fh=5573a96422ea8626 vn="Win32/Adware.RK.AP application" ac=I fn="E:\Downloads\FreeSoundRecorder941.exe" ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # engine=15997 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-11-23 03:42:18 # local_time=2013-11-23 04:42:18 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 85 91 6725847 161931210 0 0 # compatibility_mode=5893 16776637 100 94 16594 136851188 0 0 # scanned=186254 # found=1 # cleaned=0 # scan_time=15665 
sh=58181F926788568394A7D4011629FE6F1DB25CA3 ft=1 fh=5573a96422ea8626 vn="Win32/Adware.RK.AP application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-826733488-1499186410-3467009736-1000\$RWKDEHU.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4ec4a31112bfa44298fb6f792699a6dc # engine=16000 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-11-23 08:00:26 # local_time=2013-11-23 09:00:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 85 91 6741335 161946698 0 0 # compatibility_mode=5893 16776637 100 94 32082 136866676 0 0 # scanned=223042 # found=1 # cleaned=0 # scan_time=12240 sh=58181F926788568394A7D4011629FE6F1DB25CA3 ft=1 fh=5573a96422ea8626 vn="Win32/Adware.RK.AP application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-826733488-1499186410-3467009736-1000\$RWKDEHU.exe" |
24.11.2013, 12:04 | #14 |
/// TB-Ausbilder | Removing rvzr-a.akamaihd.net and get-new-java.com OK. As soon as I have the log file, we can continue. |
24.11.2013, 13:07 | #15 |
| Removing rvzr-a.akamaihd.net and get-new-java.com ...and here it is already: Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (Firefox,. Firefox out of Date! Mozilla Thunderbird (3.1.6) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Emsisoft Anti-Malware a2service.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |