
Log analysis and evaluation: Windows 7: Firefox error message: proxy server refuses the connection, Internet Explorer wrong start page, lots of ads


16.04.2014, 12:46   #1
bm123
 
Hi,
my brother gave me his laptop. What he told me:
Internet Explorer always has the wrong start page, changing the setting doesn't help, and Firefox refuses the connection with the proxy server!

He has already tried something with virus scanners himself; which ones I don't know, he didn't tell me.
Before that, Firefox had the same problem as IE; after the scan the error message mentioned above appeared.

There are two user accounts on the laptop, his and his daughter's.
I created the following log files only on his account!
If I should create some with the other account as well, please tell me.

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:06 on 16/04/2014 (ICH)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by ICH (administrator) on SVENI-PC on 16-04-2014 13:08:02
Running from C:\Users\ICH\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A51FD27CE3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default
FF user.js: detected! => C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Mysearchdial
FF Homepage: hxxp://google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 13:08 - 2014-04-16 13:08 - 00009106 _____ () C:\Users\ICH\Desktop\FRST.txt
2014-04-16 13:07 - 2014-04-16 13:08 - 00000000 ____D () C:\FRST
2014-04-16 13:06 - 2014-04-16 13:06 - 00000468 _____ () C:\Users\ICH\Desktop\defogger_disable.log
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable
2014-04-16 13:06 - 2014-04-16 13:05 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe
2014-04-16 13:06 - 2014-04-16 13:05 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe
2014-04-16 13:06 - 2014-04-16 13:04 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe
2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog
2014-04-15 18:39 - 2014-04-15 18:40 - 00000000 ____D () C:\03463972d690932c2a4980ba
2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log
2014-04-14 23:54 - 2014-02-17 21:55 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 23:49 - 2014-04-16 12:41 - 00000946 _____ () C:\Windows\setupact.log
2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 21:46 - 2014-04-16 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 21:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 21:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 21:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 21:26 - 2014-04-14 21:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-04-14 21:26 - 2014-04-14 21:27 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part
2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg
2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe
2014-04-10 12:14 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 12:14 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 12:14 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 12:14 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 12:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 12:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 12:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 12:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat
2014-03-30 17:21 - 2014-03-30 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 17:05 - 2014-04-16 13:05 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job
2014-03-30 17:05 - 2014-04-14 20:05 - 00003220 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-03-30 17:05 - 2014-04-14 20:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG
2014-03-30 17:05 - 2014-03-30 17:08 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-03-30 17:05 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
2014-03-30 16:55 - 2014-03-30 16:55 - 00000000 ____D () C:\Users\ICH\AppData\Local\Tuguu_SL
2014-03-30 16:54 - 2014-03-31 17:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-30 16:54 - 2014-03-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-30 16:54 - 2014-03-30 17:26 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-30 16:54 - 2014-03-30 17:06 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-30 16:54 - 2014-03-30 17:06 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results
2014-03-30 16:53 - 2014-04-16 12:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 16:52 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 16:52 - 2014-04-14 22:18 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\SupTab
2014-03-30 16:50 - 2014-03-30 16:50 - 00003208 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-03-30 16:50 - 2014-03-30 16:49 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp
2014-03-30 16:49 - 2014-04-16 12:50 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-03-30 16:49 - 2014-04-16 12:42 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-03-30 16:49 - 2014-03-30 16:50 - 00002496 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Uniblue
2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 ____D () C:\Users\ICH\AppData\Local\SearchProtect
2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 _____ () C:\END
2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac

==================== One Month Modified Files and Folders =======

2014-04-16 13:08 - 2014-04-16 13:08 - 00009106 _____ () C:\Users\ICH\Desktop\FRST.txt
2014-04-16 13:08 - 2014-04-16 13:07 - 00000000 ____D () C:\FRST
2014-04-16 13:06 - 2014-04-16 13:06 - 00000468 _____ () C:\Users\ICH\Desktop\defogger_disable.log
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable
2014-04-16 13:06 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH
2014-04-16 13:05 - 2014-04-16 13:06 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe
2014-04-16 13:05 - 2014-04-16 13:06 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe
2014-04-16 13:05 - 2014-03-30 17:05 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job
2014-04-16 13:04 - 2014-04-16 13:06 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe
2014-04-16 12:51 - 2014-03-30 16:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 12:50 - 2014-03-30 16:49 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-04-16 12:48 - 2011-09-07 19:27 - 01401585 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 12:48 - 2009-07-14 19:58 - 00699712 _____ () C:\Windows\system32\perfh007.dat
2014-04-16 12:48 - 2009-07-14 19:58 - 00149820 _____ () C:\Windows\system32\perfc007.dat
2014-04-16 12:48 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 12:48 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 12:48 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 12:47 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH\AppData\Local\VirtualStore
2014-04-16 12:45 - 2014-03-10 20:23 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog
2014-04-16 12:44 - 2011-10-27 20:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-16 12:42 - 2014-03-30 16:49 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-04-16 12:41 - 2014-04-14 23:49 - 00000946 _____ () C:\Windows\setupact.log
2014-04-16 12:41 - 2014-04-14 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 12:41 - 2013-06-01 20:02 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn Hamachi
2014-04-16 12:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 18:40 - 2014-04-15 18:39 - 00000000 ____D () C:\03463972d690932c2a4980ba
2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log
2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 23:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-14 23:14 - 2013-02-04 15:09 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job
2014-04-14 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 22:20 - 2014-03-30 16:52 - 00000000 ____D () C:\ProgramData\WPM
2014-04-14 22:18 - 2014-03-30 16:52 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\SupTab
2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 21:28 - 2014-04-14 21:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-04-14 21:27 - 2014-04-14 21:26 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part
2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg
2014-04-14 20:05 - 2014-03-30 17:05 - 00003220 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-04-14 20:05 - 2014-03-30 17:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG
2014-04-14 19:25 - 2013-11-23 21:31 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 19:25 - 2011-09-07 20:23 - 00000000 ____D () C:\Windows\Panther
2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe
2014-04-13 17:43 - 2013-03-23 10:36 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Spotify
2014-04-13 17:43 - 2013-03-16 13:59 - 00000000 ____D () C:\Users\sveni\AppData\Local\LogMeIn Hamachi
2014-04-13 17:38 - 2013-02-04 15:09 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job
2014-04-13 17:30 - 2013-01-10 19:51 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Skype
2014-04-11 11:49 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 11:46 - 2012-02-12 12:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 12:04 - 2013-03-23 10:39 - 00000000 ____D () C:\Users\sveni\AppData\Local\Spotify
2014-04-03 09:51 - 2014-04-14 21:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 21:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 17:06 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-31 14:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 03:16 - 2014-04-10 12:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 12:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe
2014-03-30 20:09 - 2014-03-30 17:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-30 20:01 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-30 18:54 - 2013-01-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 17:36 - 2013-03-23 10:39 - 00002022 _____ () C:\Users\sveni\Desktop\Spotify.lnk
2014-03-30 17:36 - 2013-03-23 10:39 - 00002008 _____ () C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-30 17:26 - 2014-03-30 16:54 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
2014-03-30 17:08 - 2014-03-30 17:05 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 17:06 - 2014-03-30 16:54 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-30 17:06 - 2014-03-30 16:54 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results
2014-03-30 16:57 - 2013-01-30 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-30 16:55 - 2014-03-30 16:55 - 00000000 ____D () C:\Users\ICH\AppData\Local\Tuguu_SL
2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 16:53 - 2013-09-01 20:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-30 16:53 - 2011-09-17 11:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 16:50 - 2014-03-30 16:50 - 00003208 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-03-30 16:50 - 2014-03-30 16:49 - 00002496 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-03-30 16:49 - 2014-03-30 16:50 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp
2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Uniblue
2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 ____D () C:\Users\ICH\AppData\Local\SearchProtect
2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 _____ () C:\END
2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn
2014-03-29 13:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-28 16:38 - 2014-03-30 17:05 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac
2014-03-17 16:18 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\sveni\AppData\Local\Temp\AskSLib.dll
C:\Users\sveni\AppData\Local\Temp\chutil.dll
C:\Users\sveni\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\sveni\AppData\Local\Temp\i4jdel0.exe
C:\Users\sveni\AppData\Local\Temp\install_flashplayer10_chra_aih.exe
C:\Users\sveni\AppData\Local\Temp\ptk4gcrl.dll
C:\Users\sveni\AppData\Local\Temp\ResetDevice.exe
C:\Users\sveni\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sveni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-14 22:50

==================== End Of Log ============================
         
FRST Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by ICH at 2014-04-16 13:08:55
Running from C:\Users\ICH\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{B0BF4E84-0EE3-4E47-B90E-27B40348E022}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)

==================== Restore Points  =========================

18-03-2014 20:21:17 Windows Update
19-03-2014 14:22:16 Windows Update
23-03-2014 18:20:35 Windows Update
28-03-2014 13:22:58 Windows Update
30-03-2014 14:47:14 Uniblue SpeedUpMyPC installation
30-03-2014 14:56:40 Removed Adobe Flash Player 11 ActiveX.
30-03-2014 15:21:24 Installed SpyHunter
30-03-2014 18:03:47 Removed SpyHunter
30-03-2014 18:05:39 Removed SpyHunter
30-03-2014 18:07:45 Removed SpyHunter
30-03-2014 18:08:29 Removed SpyHunter
30-03-2014 22:04:10 Avira EU-Cleaner - 31.03.2014 00:04
01-04-2014 15:52:23 Windows Update
07-04-2014 17:39:13 Windows Update
10-04-2014 18:05:52 Windows Update
11-04-2014 09:44:35 Windows Update
14-04-2014 21:27:47 Windows Update
15-04-2014 16:38:54 Windows Update
16-04-2014 10:43:27 Removed QLBCASL

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16BB62E6-A89B-4DFB-BCE3-F75A23F8B3A9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.)
Task: {2A543878-7A91-4DA1-81D5-2753F4AC716B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4410127F-8756-45D4-9BEF-5CD9D0DCEEE0} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {61F9AC68-036A-41BA-98A3-3FF4A95D4229} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {7795566C-0694-4F2D-A6C4-CF2722F6E4BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30] (Adobe Systems Incorporated)
Task: {8320BD4E-28C7-426D-9570-5B8A61A14071} - System32\Tasks\MySearchDial => C:\Users\ICH\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9572EB78-6F60-4F78-A026-97A81A454122} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C6441921-8992-4C53-B66F-7E7DC726A46C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CC969808-F2C1-4491-9195-E2856F0816C3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.)
Task: {DE11AFC9-B9B4-46CA-A7F2-E3B3C8909E9C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DFDE54CF-55E7-4A27-AD5D-1F4AF4433B76} - System32\Tasks\{F826A647-66EC-4707-99FD-F9875470C78A} => C:\Program Files (x86)\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\ICH\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-06-08 23:49 - 2011-06-08 23:49 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 00:44:30 PM) (Source: Microsoft-Windows-RestartManager) (User: sveni-PC)
Description: Die Anwendung oder der Dienst "hpqwmiex" konnte nicht neu gestartet werden.

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (04/16/2014 00:42:25 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/16/2014 00:38:56 PM) (Source: Microsoft-Windows-DriverFrameworks-UserMode) (User: NT-AUTORITÄT)
Description: Das Treiberpaket konnte nicht installiert werden. Der letzte Status war "1115".

Error: (04/16/2014 00:35:05 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎15.‎04.‎2014 um 18:39:39 unerwartet heruntergefahren.

Error: (04/14/2014 11:52:07 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/14/2014 11:51:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/14/2014 11:51:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (04/14/2014 10:18:52 PM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (04/14/2014 07:45:59 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (04/14/2014 07:08:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140966905

Error: (04/14/2014 07:08:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140966905


Microsoft Office Sessions:
=========================
Error: (04/16/2014 00:44:30 PM) (Source: Microsoft-Windows-RestartManager)(User: sveni-PC)
Description: 0hpqWmiEx.exehpqwmiex03026217830600

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 2037.88 MB
Available physical RAM: 1129.94 MB
Total Pagefile: 4075.77 MB
Available Pagefile: 2917.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:106.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1DDD9228)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-16 13:18:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-00VAT0 rev.11.01A11 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\ICH\AppData\Local\Temp\pgloypog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:3992]                                                                      0000000076f47587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:2548]                                                                      00000000745f7712
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:468]                                                                       00000000773b2e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:1920]                                                                      00000000773b3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:2524]                                                                      00000000773b3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:3000]                                                                      00000000773b3e85

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    \Device\{0A499656-1C08-48D6-BF2D-E027948BC8E6}?\Device\{0FAD5763-F823-4325-BAFA-EF6BB46A7167}?\Device\{4E818552-8FD4-498E-96BB-16D6001927CD}?\Device\{1E999E6A-5029-42F2-BB9B-CFE48FAD23EB}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   "{0A499656-1C08-48D6-BF2D-E027948BC8E6}"?"{0FAD5763-F823-4325-BAFA-EF6BB46A7167}"?"{4E818552-8FD4-498E-96BB-16D6001927CD}"?"{1E999E6A-5029-42F2-BB9B-CFE48FAD23EB}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{0A499656-1C08-48D6-BF2D-E027948BC8E6}?\Device\TCPIP6TUNNEL_{0FAD5763-F823-4325-BAFA-EF6BB46A7167}?\Device\TCPIP6TUNNEL_{4E818552-8FD4-498E-96BB-16D6001927CD}?\Device\TCPIP6TUNNEL_{1E999E6A-5029-42F2-BB9B-CFE48FAD23EB}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E818552-8FD4-498E-96BB-16D6001927CD}@InterfaceName                      isatap.{DCD2706F-1E03-4BFA-9C58-C569D4F71B34}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E818552-8FD4-498E-96BB-16D6001927CD}@ReusableType                       0

---- EOF - GMER 2.1 ----
         
Thanks for your help!
Best regards,
Björn

Alt 16.04.2014, 12:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post them directly, spread across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Alt 16.04.2014, 13:02   #3
bm123
 



Hi,

unfortunately I have no other logs apart from the ones I created myself.

I don't know what exactly he did there; in any case there are no logs, I just checked both accounts specifically.

Edit:
I need to add something:

He has apparently installed Malwarebytes Anti-Malware, which surprises me: a trial version?
I thought that was freeware?

Alt 16.04.2014, 13:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
He has apparently installed Malwarebytes Anti-Malware, which surprises me: a trial version?
I thought that was freeware?
You can also buy Malwarebytes, but that is a side issue right now. See what logs Malwarebytes has and post them.
__________________
Please always post log files in CODE tags

Alt 16.04.2014, 13:30   #5
bm123
 



Hi,

I found another log!
When I tell Malwarebytes that I want to export it, the program crashes.
So here is the content of the MBAM log XML file; I hope that is OK like this?

Code:
ATTFilter
2014/04/14 22:17:09 +0200 mbam-log-2014-04-14 (21-56-12).xml yes  2.00.1.1004 v2014.04.14.07 v2014.03.27.01 trial enabled enabled disabled  Windows 7 Service Pack 1 x64 ICH NTFS  threat completed 266519 1254 5 2 60 10 16 54 447 0  enabled enabled enabled enabled disabled disabled enabled enabled enabled  C:\ProgramData\IePluginService\PluginService.exePUP.Optional.IePluginService.Adelete-on-reboot11925ae571b9daa162d4dbd82f218d742ed2 C:\ProgramData\WPM\wprotectmanager.exePUP.Optional.WpManagerdelete-on-reboot129244fb9595c6b5989eb553dd7eb74ab749 C:\Program Files (x86)\Re-markit Corp\Re-markit158.exePUP.Optional.ReMarkit.Adelete-on-reboot170847f847e396e5191d266fb0bd62a0ad53 C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exePUP.Optional.ReMarkIt.Adelete-on-reboot2072be81de4cd9a2db5be73c88daf80a9a66 C:\Program Files (x86)\HQVid8\HQVid8-bg.exePUP.Optional.HQVid.Adelete-on-reboot17768073893973546f640810475efcc36c33d C:\Program Files (x86)\SupTab\DpInterface32.dllPUP.Optional.SupTab.Adelete-on-reboot72cda585fa812e08e67a2551b74b0cf4 C:\Program Files (x86)\Re-markit Corp\Re-markit158.dllPUP.Optional.ReMarkIt.Adelete-on-rebootbe81de4cd9a2db5be73c88daf80a9a66 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServicePUP.Optional.IePluginService.Asuccess5ae571b9daa162d4dbd82f218d742ed2 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WpmPUP.Optional.WpManagersuccess44fb9595c6b5989eb553dd7eb74ab749 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}PUP.Optional.VShareRedirsuccess2a15a3872e4db87e6e08e343e61cb24e HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}PUP.Optional.VShareRedirsuccessb9862802f6856ec845305ec855ad43bd HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvcPUP.Optional.MySearchDial.Asuccess93ac31f9502b0e280cd59cac27db966a HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1PUP.Optional.MySearchDial.Asuccess152ab07a215a1125fde485c3e61cc43c HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvcPUP.Optional.MySearchDial.Asuccess152ab07a215a1125fde485c3e61cc43c HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1PUP.Optional.MySearchDial.Asuccess152ab07a215a1125fde485c3e61cc43c HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHOPUP.Optional.CrossRider.Asuccess1c23c86233480135f1ddd0c0788b1ce4 HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHO.1PUP.Optional.CrossRider.Asuccess4ef11d0db8c31a1c844a2f610ff47987 HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.SandboxPUP.Optional.CrossRider.Asuccessca7564c62f4cbb7b507e1080a261db25 
HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.Sandbox.1PUP.Optional.CrossRider.Asuccessb68907233a41bf778747f29e9c677b85 HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058PUP.Optional.CrossRider.Asuccess3f005ecc324968ce13a7bfad33cf956b HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success51ee01292457c17506aa3c5fba49867a HKLM\SOFTWARE\WOW6432NODE\HQVid8PUP.Optional.HQVid.Asuccess91ae50da75069d998103b3b646bccc34 HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftwarePUP.Optional.WebsSearches.Asuccessb78864c6542786b0cccfe3893cc6e31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHOPUP.Optional.CrossRider.Asuccessf04f35f506754ceaab23f59be91a5aa6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHO.1PUP.Optional.CrossRider.Asuccessd36c52d8027966d01ab4b4dc08fb9a66 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.SandboxPUP.Optional.CrossRider.Asuccess2f10bf6b2b5064d22da17f114cb7748c HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.Sandbox.1PUP.Optional.CrossRider.Asuccess51ee89a1f38874c2ede1840c12f1a858 HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058PUP.Optional.CrossRider.Asuccess80bffa3098e3df57ecceda92dd252cd4 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success6ed1c664f28996a0dcd4950648bbcb35 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markitPUP.Optional.ReMarkit.Asuccess47f847e396e5191d266fb0bd62a0ad53 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8PUP.Optional.HQVid.Asuccess17289793116a360062207fea30d27090 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplusPUP.Optional.MediaPlayerplus.Asuccess46f925054b30fe38a322541735cdc739 HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.comPUP.Optional.MySearchDial.Asuccess9ea1f238e695be78c227dcb4dc27ad53 
HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CrossriderPUP.Optional.CrossRider.Asuccess3b0444e6daa1e0562e4b3e6641c28f71 HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8PUP.Optional.HQVid.Asuccessee5168c2df9c7abcf48e6207f210ac54 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MySearchDialPUP.Optional.MySearchDial.Asuccess94ab7cae6c0fe3535098731dbb488a76 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.comPUP.Optional.MySearchDial.Asuccess0c336fbb83f8a29472778e02cb385fa1 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CrossriderPUP.Optional.CrossRider.Asuccess60df57d3bcbf03332158dbc9cb38916f HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8PUP.Optional.HQVid.Asuccessfc43be6c413a142286fc0564b34f6898 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Asuccessbe8156d4bac13501beeb5623e1216f91 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Asuccess89b6200acfacfd39fde749462fd49f61 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058PUP.Optional.CrossRider.Asuccess1728e2480477cd697a417eee18ea7b85 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\High-QualityV8PUP.Optional.CrossRider.Asuccess8db2c16982f98da9c6a20662758d53ad 
HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success1e21a6844b3054e2e9c683188f7435cb HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d 
HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}\INPROCSERVER32PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}PUP.Optional.VShareRedirsuccess
         


Alt 16.04.2014, 13:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



That is not an XML file. Open the XML file with an editor such as Notepad++ and post the content of the log 1:1 here in CODE tags.

Alt 16.04.2014, 13:52   #7
bm123
 



Please excuse me.

The log is too long; I got the message that I should please attach it as a zip.

Alt 16.04.2014, 14:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post them directly, spread across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
Please always post log files in CODE tags

Alt 16.04.2014, 14:15   #9
bm123
 



I'm sorry, but everywhere in the instructions it says that you should zip it if it is too large, and since the forum software also told me this, I did it that way.
If you don't want that, why does it say so there?
That makes my work harder too!
So, continuing:
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/04/14 22:17:09 +0200</date>
<log>mbam-log-2014-04-14 (21-56-12).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.04.14.07</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>ICH</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>266519</objects>
<time>1254</time>
<processes>5</processes>
<modules>2</modules>
<keys>60</keys>
<values>10</values>
<datas>16</datas>
<folders>54</folders>
<files>447</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\IePluginService\PluginService.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><pid>1192</pid><hash>5ae571b9daa162d4dbd82f218d742ed2</hash></process>
<process><path>C:\ProgramData\WPM\wprotectmanager.exe</path><vendor>PUP.Optional.WpManager</vendor><action>delete-on-reboot</action><pid>1292</pid><hash>44fb9595c6b5989eb553dd7eb74ab749</hash></process>
<process><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe</path><vendor>PUP.Optional.ReMarkit.A</vendor><action>delete-on-reboot</action><pid>1708</pid><hash>47f847e396e5191d266fb0bd62a0ad53</hash></process>
<process><path>C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><pid>2072</pid><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></process>
<process><path>C:\Program Files (x86)\HQVid8\HQVid8-bg.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><pid>17768</pid><hash>073893973546f640810475efcc36c33d</hash></process>
<module><path>C:\Program Files (x86)\SupTab\DpInterface32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></module>
<module><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></module>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>5ae571b9daa162d4dbd82f218d742ed2</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm</path><vendor>PUP.Optional.WpManager</vendor><action>success</action><hash>44fb9595c6b5989eb553dd7eb74ab749</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}</path><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><hash>2a15a3872e4db87e6e08e343e61cb24e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</path><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><hash>b9862802f6856ec845305ec855ad43bd</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>93ac31f9502b0e280cd59cac27db966a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>152ab07a215a1125fde485c3e61cc43c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>152ab07a215a1125fde485c3e61cc43c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>152ab07a215a1125fde485c3e61cc43c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1c23c86233480135f1ddd0c0788b1ce4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>4ef11d0db8c31a1c844a2f610ff47987</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>ca7564c62f4cbb7b507e1080a261db25</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>b68907233a41bf778747f29e9c677b85</hash></key>
<key><path>HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>3f005ecc324968ce13a7bfad33cf956b</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>51ee01292457c17506aa3c5fba49867a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>91ae50da75069d998103b3b646bccc34</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>b78864c6542786b0cccfe3893cc6e31d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f04f35f506754ceaab23f59be91a5aa6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d36c52d8027966d01ab4b4dc08fb9a66</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>2f10bf6b2b5064d22da17f114cb7748c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>51ee89a1f38874c2ede1840c12f1a858</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>80bffa3098e3df57ecceda92dd252cd4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>6ed1c664f28996a0dcd4950648bbcb35</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markit</path><vendor>PUP.Optional.ReMarkit.A</vendor><action>success</action><hash>47f847e396e5191d266fb0bd62a0ad53</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>17289793116a360062207fea30d27090</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus</path><vendor>PUP.Optional.MediaPlayerplus.A</vendor><action>success</action><hash>46f925054b30fe38a322541735cdc739</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9ea1f238e695be78c227dcb4dc27ad53</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>3b0444e6daa1e0562e4b3e6641c28f71</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>ee5168c2df9c7abcf48e6207f210ac54</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MySearchDial</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>94ab7cae6c0fe3535098731dbb488a76</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>0c336fbb83f8a29472778e02cb385fa1</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>60df57d3bcbf03332158dbc9cb38916f</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>fc43be6c413a142286fc0564b34f6898</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>be8156d4bac13501beeb5623e1216f91</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>89b6200acfacfd39fde749462fd49f61</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1728e2480477cd697a417eee18ea7b85</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\High-QualityV8</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>8db2c16982f98da9c6a20662758d53ad</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>1e21a6844b3054e2e9c683188f7435cb</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}\INPROCSERVER32</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata>;áÃzÊ;XA³0öm»Áµ</valuedata><hash>b9862802f6856ec845305ec855ad43bd</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata>;áÃzÊ;XA³0öm»Áµ</valuedata><hash>b9862802f6856ec845305ec855ad43bd</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</path><valuename></valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata></valuedata><hash>132c2703126986b05520f92da65c7c84</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</path><valuename></valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata></valuedata><hash>89b643e7116a2e08afc643e343bf1ee2</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>quick_start@gmail.com</valuename><vendor>PUP.Optional.QuickStart.A</vendor><action>success</action><valuedata>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\extensions\quick_start@gmail.com</valuedata><hash>e05f002a6d0ec571fe5a73fadf230ff1</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM</path><valuename>ImagePath</valuename><vendor>PUP.Optional.WpManager.A</vendor><action>success</action><valuedata>C:\ProgramData\WPM\wprotectmanager.exe -service</valuedata><hash>b98634f6e4972610305e2f7128db24dc</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>ProxyServer</valuename><vendor>PUM.Bad.Proxy</vendor><action>success</action><valuedata>http=127.0.0.1:13828</valuedata><hash>97a836f42f4c1323d6fec8e040c35aa6</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0A2O1C1R1H2Z1S1G1M1F</valuedata><hash>89b6200acfacfd39fde749462fd49f61</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>ProxyServer</valuename><vendor>PUM.Bad.Proxy</vendor><action>success</action><valuedata>http=127.0.0.1:13828</valuedata><hash>4af5a387dba08caafed67d2bcf34c838</hash></value>
<value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>{5ae66703-77f8-4623-8c81-9ba769053c03}</valuename><vendor>PUP.Optional.ReMarkIT.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\Re-markit Corp\158.xpi</valuedata><hash>91ae1d0de6955adc42aee485f40e6a96</hash></value>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SupTab\SEARCH~1.DLL</valuedata><baddata>C:\PROGRA~2\SupTab\SEARCH~1.DLL</baddata><gooddata></gooddata><hash>72cda585fa812e08e67a2551b74b0cf4</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SupTab\SEARCH~2.DLL</valuedata><baddata>C:\PROGRA~2\SupTab\SEARCH~2.DLL</baddata><gooddata></gooddata><hash>72cda585fa812e08e67a2551b74b0cf4</hash></data>
<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>firefox.exe</gooddata><hash>1f2086a435462412e7e22aee976d59a7</hash></data>
<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>iexplore.exe</gooddata><hash>310e61c97ffc21159931948433d136ca</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&amp;q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>65daee3cfd7e7db9b21b50c8966e3bc5</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>www.google.com</gooddata><hash>043bcb5f6e0d66d08547fb1d15eff808</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><valuedata>hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=</valuedata><baddata>hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>e25dc06af4874de94bd8de4450b43ec2</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>58e770bab8c39f976555938f73919c64</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>firefox.exe</gooddata><hash>9aa548e286f51a1c3594a67254b0c43c</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>iexplore.exe</gooddata><hash>bc83c06a4a31f73f3694c35512f260a0</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&amp;q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>c877e842106b9e98933a75a3ce368977</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1396190897&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>www.google.com</gooddata><hash>1e212406a8d3d95da428bf59db2908f8</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><valuedata>hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=</valuedata><baddata>hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>b48ba783d1aabe7869bafa28b64e7090</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>320d260497e44beb8d2d70b2f311cc34</hash></data>
<data><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>Hijack.StartPage</vendor><action>replaced</action><valuedata>hxxp://startsear.ch/?aff=1</valuedata><baddata>hxxp://startsear.ch/?aff=1</baddata><gooddata>hxxp://www.google.com</gooddata><hash>19260921a1da93a3b61a71aa36ce629e</hash></data>
<data><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><valuedata>hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=</valuedata><baddata>hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>102f76b42b5077bf47db82a0cf35ae52</hash></data>
<folder><path>C:\Program Files (x86)\SupTab</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\img</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\img\weather</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\en-US</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\es-419</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\es-ES</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\it-CH</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\it-IT</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\pl</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\pt</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\ru</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder>
<folder><path>C:\Users\ICH\AppData\Local\Lollipop</path><vendor>Adware.LolliPop.IT</vendor><action>success</action><hash>59e60c1e8dee64d2342520583cc71ae6</hash></folder>
<folder><path>C:\Users\ICH\AppData\Roaming\mysearchdial</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></folder>
<folder><path>C:\Users\ICH\AppData\Roaming\mysearchdial\icons_2.18.2.0</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></folder>
<folder><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></folder>
<folder><path>C:\ProgramData\IePluginService</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><hash>e25d42e8a7d43ef82459a9b550b2fe02</hash></folder>
<folder><path>C:\ProgramData\IePluginService\update</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>e25d42e8a7d43ef82459a9b550b2fe02</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults\preferences</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\locale</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\locale\en-US</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\components</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder>
<folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder>
<folder><path>C:\Program Files (x86)\Re-markit Corp</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></folder>
<folder><path>C:\Users\ICH\AppData\Roaming\webssearches</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></folder>
<folder><path>C:\Users\ICH\AppData\Roaming\webssearches\images</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></folder>
<folder><path>C:\Program Files (x86)\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><hash>073893973546f640810475efcc36c33d</hash></folder>
<file><path>C:\ProgramData\IePluginService\PluginService.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><hash>5ae571b9daa162d4dbd82f218d742ed2</hash></file>
<file><path>C:\ProgramData\WPM\wprotectmanager.exe</path><vendor>PUP.Optional.WpManager</vendor><action>delete-on-reboot</action><hash>44fb9595c6b5989eb553dd7eb74ab749</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\SupTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff72b8b7c4350194b6a1948878ed13</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>d26d002a6912c2747149610656ac4cb4</hash></file>
<file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1e217ab00873181e240f0269966cc13f</hash></file>
<file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>94ab002a2259ff37c76cda91cc3625db</hash></file>
<file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>eb5498921b609b9ba58e1259a35fe31d</hash></file>
<file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>221d4fdb700b3cfac2710d5e7e84728e</hash></file>
<file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>7ac5fe2c5d1e191d8fa4006bbb47d32d</hash></file>
<file><path>C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>c7782cfe126956e05f3eb1bb2fd3f808</hash></file>
<file><path>C:\Windows\Tasks\Re-markit Update.job</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>49f63ded2754d165dcba8be22bd760a0</hash></file>
<file><path>C:\Windows\Tasks\Re-markit_wd.job</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>7bc46bbfb3c861d5d6c0dc915fa3a15f</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\searchplugins\Mysearchdial.xml</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>1a25bf6b85f6d85e6a8cb7b73bc7629e</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\searchplugins\Mysearchdial.xml</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>b58a002ad5a67bbb728491ddcd3557a9</hash></file>
<file><path>C:\Program Files (x86)\SupTab\install.data</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\DpInterface32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\DpInterface64.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\DpInterfacef32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\ient.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\RSHP.exe</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SearchProtect32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SearchProtect64.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SpAPPSv32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SpAPPSv64.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\uninstall.exe</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\data.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\indexIE.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\indexIE8.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\main.css</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\style.css</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\ver.txt</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\arrow.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\default_add_logo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\default_logo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\googlelogo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\googlelogo2.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\google_trends.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\icon128.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\icon16.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\icon48.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\loading.gif</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\logo32.ico</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\27.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\0.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\1.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\10.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\11.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\12.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\13.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\14.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\15.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\16.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\17.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\18.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\19.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\2.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\20.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\21.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\22.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\23.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\24.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\25.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\26.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\28.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\29.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\3.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\30.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\31.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\32.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\33.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\34.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\35.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\36.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\37.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\38.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\39.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\4.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\40.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\41.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\42.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\43.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\44.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\45.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\46.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\47.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\5.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\6.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\7.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\8.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\9.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\background.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\common.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\ga.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\ie8.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\jquery-base.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\js.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\library.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\xagainit.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file>
<file><path>C:\Users\ICH\AppData\Local\Lollipop\lollipop.bat</path><vendor>Adware.LolliPop.IT</vendor><action>success</action><hash>59e60c1e8dee64d2342520583cc71ae6</hash></file>
<file><path>C:\Users\ICH\AppData\Local\Lollipop\Lollipop.exe</path><vendor>Adware.LolliPop.IT</vendor><action>success</action><hash>59e60c1e8dee64d2342520583cc71ae6</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe</path><vendor>PUP.Optional.ReMarkit.A</vendor><action>delete-on-reboot</action><hash>47f847e396e5191d266fb0bd62a0ad53</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\config.dat</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\info.dat</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file>
<file><path>C:\ProgramData\IePluginService\update\conf</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>e25d42e8a7d43ef82459a9b550b2fe02</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome.manifest</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\install.rdf</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\background.html</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\baseObject.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\browser.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\dialog.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\ffCoreFilesIndex.txt</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\main.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\options.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\options.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\platformVersion.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\search_dialog.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\asyncDB.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\background.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\browserAction.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\contextMenu.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\dbManager.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\dom_bg.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\fileManager.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\firefox.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\firefoxNotifications.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\firefoxOmnibox.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\message.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\pageAction.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\request.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\tabs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\webRequest.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\windowsMessagingHandler.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\addressBarChangeObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\console.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\consts.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\delegate.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\extensionDataStore.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\folderIOWrapper.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\httpObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\IDBWrapper.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\installer.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\logFile.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\progressListenerObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\registry.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\reloadObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\reports.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\requestObject.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\searchSettings.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\uninstallObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\updateManager.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\utils.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\xhr.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults\preferences\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\manifest.xml</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\1.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\102.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\103.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\104.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\119.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\13.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\14.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\16.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\17.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\177.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\178.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\179.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\180.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\182.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\183.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\184.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\191.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\207.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\21.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\22.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\223.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\231.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\232.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\242.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\246.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\28.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\4.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\47.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\64.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\72.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\78.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\93.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\98.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode\background.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode\extension.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\locale\en-US\translations.dtd</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button1.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
         

16.04.2014, 14:16   #10
bm123
 

Code:
ATTFilter
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button2.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button3.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button4.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button5.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\crossrider_statusbar.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon128.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon16.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon24.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon48.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\panelarrow-up.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\popup.html</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\skin.css</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\update.css</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\chrome.manifest</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\install.rdf</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\components\FFDisp.dll</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\dpk.htm</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\hlprs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\loader.xul</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\mtstart.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.css</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.xul</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\serp.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\tmplt.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\arwDwn.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\closeo.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\help_16.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\home.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\icon_seperator.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\logo.PNG</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\privecy_16_hot.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\sign.jpg</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\specialoffer.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\tellafriend.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ae.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\bg.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ch.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cn.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cz.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\de.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\eg.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\en.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\es.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\fr.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\gr.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\he.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\il.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\it.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ja.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\jp.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\nl.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\no.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pl.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pt.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ro.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ru.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sa.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\se.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sv.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\tr.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ua.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\us.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF\manifest.mf</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.rsa</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.sf</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\158.crx</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\158.dat</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\158.xpi</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\a.db</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\b.db</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.bin</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.ini</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\ReMar.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Sqlite3.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Program Files (x86)\Re-markit Corp\Uninstall.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\92.json</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\uninstallDlg.xml</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\UninstallManager.exe</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\bg1.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\button1.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\checked.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\close.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\min.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\Thumbs.db</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\unchecked.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\53172.crx</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\53172.xpi</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\background.html</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\HQVid8-bg.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\HQVid8-bho.dll</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\HQVid8-bho64.dll</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\HQVid8-codedownloader.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\HQVid8.ico</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\Uninstall.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Program Files (x86)\HQVid8\utils.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.crossrider.bic&quot;, &quot;14513781b1beed9302e71ba40939acf5&quot;);</baddata><gooddata></gooddata><hash>221dd753bbc0a591ee879cb11be9be42</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.AL&quot;, 2);</baddata><gooddata></gooddata><hash>09364fdb2b508da9f983113c15efd52b</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.aflt&quot;, &quot;cmi_14_13_ff&quot;);</baddata><gooddata></gooddata><hash>2e1169c183f8e94d027a65e842c28878</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.appId&quot;, &quot;{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}&quot;);</baddata><gooddata></gooddata><hash>320df2383c3f0d299ddf004d15ef13ed</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cd&quot;, &quot;2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&quot;);</baddata><gooddata></gooddata><hash>1a259694d2a9bd79205c56f7ac5803fd</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cntry&quot;, &quot;DE&quot;);</baddata><gooddata></gooddata><hash>88b7dd4d9cdff6408cf04efffa0a4bb5</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cr&quot;, &quot;960138954&quot;);</baddata><gooddata></gooddata><hash>9aa51515403b999d126a3c1159ab5ca4</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltLng&quot;, &quot;&quot;);</baddata><gooddata></gooddata><hash>0d3279b1374453e34a32f5580df7629e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltSrch&quot;, true);</baddata><gooddata></gooddata><hash>2718ea40572474c282fadb7251b33cc4</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dnsErr&quot;, true);</baddata><gooddata></gooddata><hash>49f635f59ae15bdb9ae2b19c9a6a03fd</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dpkLst&quot;, &quot;3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613&quot;);</baddata><gooddata></gooddata><hash>ee5114160972db5b17658fbea064748c</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.excTlbr&quot;, false);</baddata><gooddata></gooddata><hash>86b9e743e39852e4d7a5fa539a6aa35d</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hdrMd5&quot;, &quot;1DC32EA1E2A85726847780FB73701EDB&quot;);</baddata><gooddata></gooddata><hash>bc8372b8fd7ee155d1ab6be23fc59c64</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpg&quot;, true);</baddata><gooddata></gooddata><hash>211e77b37b0074c2106c59f4c4406a96</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpgUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>97a8cc5e8bf033031765103dc63e8779</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hpFFXOld&quot;, &quot;hxxp://istart.webssearches.com/?type=hp&amp;ts=1396191910&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&quot;);</baddata><gooddata></gooddata><hash>bf808f9b88f3cc6aef8dd37a5ba98d73</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.id&quot;, &quot;70F395542C236460&quot;);</baddata><gooddata></gooddata><hash>59e62307b6c5ee48304c4b02818354ac</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlDay&quot;, &quot;16159&quot;);</baddata><gooddata></gooddata><hash>c679052599e2c2740b711c31f90b50b0</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlRef&quot;, &quot;140305_b&quot;);</baddata><gooddata></gooddata><hash>17289c8edf9c4beb7309df6e669e916f</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.lastB&quot;, &quot;hxxp://istart.webssearches.com/?type=hp&amp;ts=1396191910&amp;from=tugs&amp;uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&quot;);</baddata><gooddata></gooddata><hash>5ee148e2057689addba1aca1758f936d</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.lastVrsnTs&quot;, &quot;1.8.29.017:5:3&quot;);</baddata><gooddata></gooddata><hash>bd82cf5b1e5dce68adcf4a03d43043bd</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.newTabUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=2&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>8fb0b872d0abc373cfadf05d2bd935cb</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.pnu_base&quot;, &quot;{\&quot;newVrsn\&quot;:\&quot;94\&quot;,\&quot;lastVrsn\&quot;:\&quot;94\&quot;,\&quot;vrsnLoad\&quot;:\&quot;\&quot;,\&quot;showMsg\&quot;:\&quot;false\&quot;,\&quot;showSilent\&quot;:\&quot;false\&quot;,\&quot;msgTs\&quot;:0,\&quot;lstMsgTs\&quot;:\&quot;0\&quot;}&quot;);</baddata><gooddata></gooddata><hash>7ac55eccb7c49a9c1666e06d8b799967</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prdct&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>a29da9811a61b1856c10fb522ed6f709</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prtnrId&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>bd82ed3dc0bb3402f98393ba51b3f50b</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.sg&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>5de2e644413a1e18106cb994fd07e917</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.srchPrvdr&quot;, &quot;Mysearchdial&quot;);</baddata><gooddata></gooddata><hash>37085dcd7506181e7efeb994a460e020</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrId&quot;, &quot;base&quot;);</baddata><gooddata></gooddata><hash>6dd267c3bac1d5613d3f73dad2328b75</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrSrchUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=3&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&amp;q=&quot;);</baddata><gooddata></gooddata><hash>1b249a9004770f275824d37adf25cd33</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsn&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>0639d555ff7cbd7947357ecf5ea69c64</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsni&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>46f9ed3d3f3c6fc78af2a8a5ba4a0ef2</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.newTab&quot;, false);</baddata><gooddata></gooddata><hash>3c03ad7d5c1fb97d700cf85530d44ab6</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.smplGrp&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>e15e89a1a4d7f73fabd11b327b89d030</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.vrsnTs&quot;, &quot;1.8.29.017:5:3&quot;);</baddata><gooddata></gooddata><hash>f34c79b19ae121150874004d52b2e51b</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.aflt&quot;, &quot;cmi_14_13_ff&quot;);</baddata><gooddata></gooddata><hash>49f64fdb79020b2b730115380004748c</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.instlRef&quot;, &quot;140305_b&quot;);</baddata><gooddata></gooddata><hash>ac9370ba62197db988ec6ce1f1138977</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.cr&quot;, &quot;960138954&quot;);</baddata><gooddata></gooddata><hash>d56a50daa8d384b2294bba931ee6966a</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.cd&quot;, &quot;2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&quot;);</baddata><gooddata></gooddata><hash>c77886a4d5a60f275c180449e02402fe</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpg&quot;, true);</baddata><gooddata></gooddata><hash>6fd01a10a2d91e18aecf35188e7610f0</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpgUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>f9467ab0e09bab8b403d1835a55f23dd</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltSrch&quot;, true);</baddata><gooddata></gooddata><hash>f44b64c6d3a8a98d5a23f55808fcc43c</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.srchPrvdr&quot;, &quot;Mysearchdial&quot;);</baddata><gooddata></gooddata><hash>4cf3b3773c3f9e988cf1ada0b64e6b95</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dnsErr&quot;, true);</baddata><gooddata></gooddata><hash>52ed84a6a3d88fa7126b4508cf356898</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.newTab&quot;, false);</baddata><gooddata></gooddata><hash>9da2a08a6813cd69d4a945088d77bc44</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.newTabUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=2&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>86b91911106b3006dca1d8750ff55fa1</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrSrchUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=3&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&amp;q=&quot;);</baddata><gooddata></gooddata><hash>82bd4ddda9d257df1964b59815efe11f</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.id&quot;, &quot;70F395542C236460&quot;);</baddata><gooddata></gooddata><hash>6ad5b674cab1ce68f58894b95ca8ce32</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlDay&quot;, &quot;16159&quot;);</baddata><gooddata></gooddata><hash>0a35cc5e99e2ad89e994b796768ebd43</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsn&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>a69942e8d9a2df576c11eb6237cda957</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsni&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>ba852901a8d3df5797e6c48940c442be</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.vrsnTs&quot;, &quot;1.8.29.017:5:3&quot;);</baddata><gooddata></gooddata><hash>2916f2383a41072f6914a3aa30d43fc1</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prtnrId&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>340b14163546f93d84f956f7cb3915eb</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prdct&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>2d12b674aad1e84e552814396c980af6</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.aflt&quot;, &quot;cmi_14_13_ff&quot;);</baddata><gooddata></gooddata><hash>bd8266c4057677bf5d2059f4b054c23e</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.smplGrp&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>211e2a007ffcda5c86f7cc81bd47b050</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrId&quot;, &quot;base&quot;);</baddata><gooddata></gooddata><hash>e05f6dbd3a4179bd9fde420ba85c2ad6</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlRef&quot;, &quot;140305_b&quot;);</baddata><gooddata></gooddata><hash>7fc0909af48778be473661ec4cb816ea</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltLng&quot;, &quot;&quot;);</baddata><gooddata></gooddata><hash>74cb32f8ed8e33031667e766a75d817f</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.appId&quot;, &quot;{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}&quot;);</baddata><gooddata></gooddata><hash>78c7bf6bf18aee48502d3716aa5afe02</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.excTlbr&quot;, false);</baddata><gooddata></gooddata><hash>c47bfb2fe8932511a6d7381543c1817f</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cr&quot;, &quot;960138954&quot;);</baddata><gooddata></gooddata><hash>55ea7eac017a41f5770634191ce8be42</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cd&quot;, &quot;2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&quot;);</baddata><gooddata></gooddata><hash>8ab58aa0e19ae74fe994460745bfa55b</hash></file>
<file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.AL&quot;, 2);</baddata><gooddata></gooddata><hash>71ceb07a67140630403d3518d62ed729</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.crossrider.bic&quot;, &quot;1451809b8d78d55f14606bfc06d18eaa&quot;);</baddata><gooddata></gooddata><hash>023d4edcfa8113230570ed60d33125db</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.AL&quot;, 2);</baddata><gooddata></gooddata><hash>1d2237f3e4972a0c97e57fce996b1ee2</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.aflt&quot;, &quot;cmi_14_13_ff&quot;);</baddata><gooddata></gooddata><hash>06399199ef8c132387f52726cd37ed13</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.appId&quot;, &quot;{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}&quot;);</baddata><gooddata></gooddata><hash>f54a4ddd681373c3c5b73815d331867a</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cd&quot;, &quot;2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&quot;);</baddata><gooddata></gooddata><hash>de616ac0fe7dba7c2a521538ba4a7c84</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cntry&quot;, &quot;DE&quot;);</baddata><gooddata></gooddata><hash>70cfb872413abc7a9edebe8fa064d828</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cr&quot;, &quot;960138954&quot;);</baddata><gooddata></gooddata><hash>5ae5a783c3b8ff3787f59db0bd478e72</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltLng&quot;, &quot;&quot;);</baddata><gooddata></gooddata><hash>f9467dad15660e2884f80d4023e1a957</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltSrch&quot;, true);</baddata><gooddata></gooddata><hash>57e8ab7fc0bb7eb8f686c78661a326da</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dnsErr&quot;, true);</baddata><gooddata></gooddata><hash>ee5163c7bfbce6502953fa53eb198b75</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dpkLst&quot;, &quot;3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613&quot;);</baddata><gooddata></gooddata><hash>92ad11196f0c1125f7852825b450c43c</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.excTlbr&quot;, false);</baddata><gooddata></gooddata><hash>9ba486a45724d363c4b8c8854eb646ba</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hdrMd5&quot;, &quot;F598D13A9F556AA7FFCF5F546A7F6D42&quot;);</baddata><gooddata></gooddata><hash>54eb53d7c3b8af87fb818dc0d03416ea</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpg&quot;, true);</baddata><gooddata></gooddata><hash>d966d951eb9086b0a9d3b6978c78936d</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpgUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>9ea14fdbd1aaa195c8b45df0fd074cb4</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.id&quot;, &quot;70F395542C236460&quot;);</baddata><gooddata></gooddata><hash>54eb1e0c6e0d3cfa55273815877d16ea</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlDay&quot;, &quot;16159&quot;);</baddata><gooddata></gooddata><hash>cb744bdf5e1d8babeb912f1e966e8c74</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlRef&quot;, &quot;140305_b&quot;);</baddata><gooddata></gooddata><hash>102f55d52b50a492aad2c38aaa5a8e72</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.lastB&quot;, &quot;hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>be81c56595e6c571592358f553b1758b</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.lastVrsnTs&quot;, &quot;&quot;);</baddata><gooddata></gooddata><hash>340bb67490eb6acca0dc9eaf8e76d729</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.newTabUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=2&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>5ae50921f08b61d50f6def5ea064ff01</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.pnu_base&quot;, &quot;{\&quot;newVrsn\&quot;:\&quot;95\&quot;,\&quot;lastVrsn\&quot;:\&quot;95\&quot;,\&quot;vrsnLoad\&quot;:\&quot;\&quot;,\&quot;showMsg\&quot;:\&quot;false\&quot;,\&quot;showSilent\&quot;:\&quot;true\&quot;,\&quot;msgTs\&quot;:0,\&quot;lstMsgTs\&quot;:\&quot;0\&quot;}&quot;);</baddata><gooddata></gooddata><hash>c679cd5d3744a6900874311c966ea060</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prdct&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>9aa54ae05f1c092d2a52bf8e2ed637c9</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prtnrId&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>5be40426aecdbf77e696ea637292b848</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.sg&quot;, &quot;{smplGrp}&quot;);</baddata><gooddata></gooddata><hash>1b24f4368cef52e481fbc28b927208f8</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.srchPrvdr&quot;, &quot;Mysearchdial&quot;);</baddata><gooddata></gooddata><hash>f14e1218b9c2a393621a3d1024e0847c</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrId&quot;, &quot;base&quot;);</baddata><gooddata></gooddata><hash>083736f45328ee48e795d17c40c440c0</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrSrchUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=3&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&amp;q=&quot;);</baddata><gooddata></gooddata><hash>9fa0cf5bd0abc6708cf03f0e7f85af51</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsn&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>053a1a1091ea79bd2458ae9f60a42bd5</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsni&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>cc73f238c9b2d066acd0c4892cd8b44c</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.newTab&quot;, false);</baddata><gooddata></gooddata><hash>83bc39f1f6854ee8ec90252872927e82</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.smplGrp&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>d966c763c1ba84b2fc80212c5ea6db25</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.vrsnTs&quot;, &quot;1.8.29.017:5:3&quot;);</baddata><gooddata></gooddata><hash>45fa53d73447fa3ccdaff954e91b0cf4</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;browser.startup.homepage&quot;, &quot;hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>be8181a96912d6607f3359f40df7659b</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.aflt&quot;, &quot;cmi_14_13_ff&quot;);</baddata><gooddata></gooddata><hash>eb540f1bef8c93a3e2923e0f9d6705fb</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.instlRef&quot;, &quot;140305_b&quot;);</baddata><gooddata></gooddata><hash>40ff1c0ee39875c1c1b3ba934aba8d73</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.cr&quot;, &quot;960138954&quot;);</baddata><gooddata></gooddata><hash>fd42b278dc9f60d6a0d42a23ee16eb15</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.irmysearch.cd&quot;, &quot;2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&quot;);</baddata><gooddata></gooddata><hash>79c6c6643c3f2313d89ccc81e222817f</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpg&quot;, true);</baddata><gooddata></gooddata><hash>eb549d8dd6a5b48296e7ae9fee16b24e</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.hmpgUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=1&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>ed52ee3c4b307fb7eb9283ca06fedf21</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltSrch&quot;, true);</baddata><gooddata></gooddata><hash>1d2233f7afcca78f83fa74d9f80cff01</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.srchPrvdr&quot;, &quot;Mysearchdial&quot;);</baddata><gooddata></gooddata><hash>95aad4560e6d979f7508400d41c3e917</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dnsErr&quot;, true);</baddata><gooddata></gooddata><hash>f7482efcec8f2016a7d6aaa38084a060</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.newTab&quot;, false);</baddata><gooddata></gooddata><hash>8db284a6d0ab1125c2bb2f1eb94bc23e</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.newTabUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=2&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&quot;);</baddata><gooddata></gooddata><hash>bf80999186f5f640a2db4ffe2bd90cf4</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrSrchUrl&quot;, &quot;hxxp://start.mysearchdial.com/?f=3&amp;a=cmi_14_13_ff&amp;cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&amp;cr=960138954&amp;ir=&amp;q=&quot;);</baddata><gooddata></gooddata><hash>1c230426bcbfbf776d1085c8e91b9e62</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.id&quot;, &quot;70F395542C236460&quot;);</baddata><gooddata></gooddata><hash>a39c0129ccaf3afceb928cc1d52f59a7</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlDay&quot;, &quot;16159&quot;);</baddata><gooddata></gooddata><hash>54ebc26892e9db5b04797ecf12f20bf5</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsn&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>5de253d7ccaf122409741a33b94bff01</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.vrsni&quot;, &quot;1.8.29.0&quot;);</baddata><gooddata></gooddata><hash>6ad5df4b1d5ea88e2756fd5019eb4db3</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.vrsnTs&quot;, &quot;1.8.29.017:5:3&quot;);</baddata><gooddata></gooddata><hash>f34cf3377a0151e569145df071933ec2</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prtnrId&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>bf80b575bfbcaa8c8eef4c0106fe9a66</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.prdct&quot;, &quot;mysearchdial&quot;);</baddata><gooddata></gooddata><hash>52edf2386219e94dbcc15bf20004f907</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.aflt&quot;, &quot;cmi_14_13_ff&quot;);</baddata><gooddata></gooddata><hash>2718e04aed8eae886c11e36a94701fe1</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial_i.smplGrp&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>f24df93192e9ac8ab3ca0a431be9bc44</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.tlbrId&quot;, &quot;base&quot;);</baddata><gooddata></gooddata><hash>a798a9814e2d7eb8d5a8d776fd07c739</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.instlRef&quot;, &quot;140305_b&quot;);</baddata><gooddata></gooddata><hash>39064ae0ea9185b15d20034ad1339d63</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.dfltLng&quot;, &quot;&quot;);</baddata><gooddata></gooddata><hash>152a1119c1bae2544b3295b8dd27a759</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.appId&quot;, &quot;{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}&quot;);</baddata><gooddata></gooddata><hash>7bc4e545235885b1b3cad17ca85c27d9</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.excTlbr&quot;, false);</baddata><gooddata></gooddata><hash>211e52d8c1ba7fb7cab38bc2bb49eb15</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cr&quot;, &quot;960138954&quot;);</baddata><gooddata></gooddata><hash>b28d0723ceadf442522b0746f70db44c</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.cd&quot;, &quot;2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&quot;);</baddata><gooddata></gooddata><hash>26198aa0592247efea93d875fa0a867a</hash></file>
<file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.mysearchdial.AL&quot;, 2);</baddata><gooddata></gooddata><hash>3d02c8621566211576076de01fe58a76</hash></file>
</items>
</mbam-log>
         

16.04.2014, 14:33   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
If you don't want that, why does it say so there?
That makes my work harder too!
I don't have administrative access to the forum! And not everyone can download file attachments from a forum; besides, my reading material also states how you can make my work easier


Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post log files in CODE tags

16.04.2014, 15:15   #12
bm123
 



I find it rather confusing for a guide for "new" users to prescribe something when not all members can/may/want to open it.

And I'm sorry, I had overlooked it in the first reading material!

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 15:42:39
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : ICH - SVENI-PC
# Gestartet von : C:\Users\ICH\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\uniblue
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Users\ICH\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\ICH\AppData\Local\Tuguu_SL
Ordner Gelöscht : C:\Users\ICH\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\ICH\AppData\Roaming\uniblue
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js
Datei Gelöscht : C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Startup.job
Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Startup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\ICH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\ICH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.previous_page.value", "%22hxxp%3A//start.mysearchdial.com/%3Ff%3D1%26a%3Dcmi_14_13_ff%26cd%[...]
Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,ee5ad154-f909-4cc0-aa51-d7e94e3fb0af%4036204afd-f43e-4917-9c71-8384e2e4d3ad.com:0.94.33,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=6496af50-ff38-11e0-ba7b-70f395542c23&q=");

[ Datei : C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "14513781b1beed9302e71ba40939acf5");
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "cmi_14_13_ff");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAz[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "960138954");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "1DC32EA1E2A85726847780FB73701EDB");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://istart.webssearches.com/?type=hp&ts=1396191910&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639");
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "70F395542C236460");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16159");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://istart.webssearches.com/?type=hp&ts=1396191910&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.017:5:3");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCy[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"94\",\"lastVrsn\":\"94\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1Czut[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:5:3");

*************************

AdwCleaner[R0].txt - [10029 octets] - [16/04/2014 15:41:26]
AdwCleaner[S0].txt - [8758 octets] - [16/04/2014 15:42:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8818 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by ICH on 16.04.2014 at 15:46:22,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\ICH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ICH\AppData\Roaming\mozilla\firefox\profiles\iqsjhmlr.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 16:01:49,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by ICH (administrator) on SVENI-PC on 16-04-2014 16:09:53
Running from C:\Users\ICH\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A51FD27CE3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 16:09 - 2014-04-16 16:09 - 00007551 _____ () C:\Users\ICH\Desktop\FRST.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt
2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt
2014-04-16 15:40 - 2014-04-16 15:42 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:40 - 2014-04-16 15:39 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe
2014-04-16 15:40 - 2014-04-16 15:39 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe
2014-04-16 14:43 - 2014-04-16 14:45 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-16 13:07 - 2014-04-16 16:09 - 00000000 ____D () C:\FRST
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable
2014-04-16 13:06 - 2014-04-16 13:05 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe
2014-04-16 13:06 - 2014-04-16 13:05 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe
2014-04-16 13:06 - 2014-04-16 13:04 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe
2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog
2014-04-15 18:39 - 2014-04-15 18:40 - 00000000 ____D () C:\03463972d690932c2a4980ba
2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log
2014-04-14 23:54 - 2014-02-17 21:55 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 23:49 - 2014-04-16 15:44 - 00001002 _____ () C:\Windows\setupact.log
2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 21:46 - 2014-04-16 15:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 21:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 21:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 21:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 21:26 - 2014-04-14 21:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-04-14 21:26 - 2014-04-14 21:27 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part
2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg
2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe
2014-04-10 12:14 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 12:14 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 12:14 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 12:14 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 12:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 12:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 12:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 12:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat
2014-03-30 17:21 - 2014-03-30 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 17:05 - 2014-04-14 20:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG
2014-03-30 17:05 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
2014-03-30 16:54 - 2014-03-31 17:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-30 16:54 - 2014-03-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-30 16:54 - 2014-03-30 17:26 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-30 16:54 - 2014-03-30 17:06 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-30 16:54 - 2014-03-30 17:06 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results
2014-03-30 16:53 - 2014-04-16 15:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 16:50 - 2014-03-30 16:49 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp
2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac

==================== One Month Modified Files and Folders =======

2014-04-16 16:10 - 2014-04-16 16:09 - 00007551 _____ () C:\Users\ICH\Desktop\FRST.txt
2014-04-16 16:09 - 2014-04-16 13:07 - 00000000 ____D () C:\FRST
2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt
2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:51 - 2014-03-30 16:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt
2014-04-16 15:45 - 2014-04-14 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 15:45 - 2013-06-01 20:02 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn Hamachi
2014-04-16 15:44 - 2014-04-14 23:49 - 00001002 _____ () C:\Windows\setupact.log
2014-04-16 15:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 15:43 - 2011-09-07 19:27 - 01412264 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 15:42 - 2014-04-16 15:40 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:39 - 2014-04-16 15:40 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe
2014-04-16 15:39 - 2014-04-16 15:40 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe
2014-04-16 14:45 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-16 14:14 - 2013-02-04 15:09 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job
2014-04-16 14:14 - 2013-02-04 15:09 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable
2014-04-16 13:06 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH
2014-04-16 13:05 - 2014-04-16 13:06 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe
2014-04-16 13:05 - 2014-04-16 13:06 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe
2014-04-16 13:04 - 2014-04-16 13:06 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe
2014-04-16 12:48 - 2009-07-14 19:58 - 00699712 _____ () C:\Windows\system32\perfh007.dat
2014-04-16 12:48 - 2009-07-14 19:58 - 00149820 _____ () C:\Windows\system32\perfc007.dat
2014-04-16 12:48 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 12:47 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH\AppData\Local\VirtualStore
2014-04-16 12:45 - 2014-03-10 20:23 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog
2014-04-16 12:44 - 2011-10-27 20:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-15 18:40 - 2014-04-15 18:39 - 00000000 ____D () C:\03463972d690932c2a4980ba
2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log
2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 23:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-14 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 21:28 - 2014-04-14 21:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-04-14 21:27 - 2014-04-14 21:26 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part
2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg
2014-04-14 20:05 - 2014-03-30 17:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG
2014-04-14 19:25 - 2013-11-23 21:31 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 19:25 - 2011-09-07 20:23 - 00000000 ____D () C:\Windows\Panther
2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe
2014-04-13 17:43 - 2013-03-23 10:36 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Spotify
2014-04-13 17:43 - 2013-03-16 13:59 - 00000000 ____D () C:\Users\sveni\AppData\Local\LogMeIn Hamachi
2014-04-13 17:30 - 2013-01-10 19:51 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Skype
2014-04-11 11:49 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 11:46 - 2012-02-12 12:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 12:04 - 2013-03-23 10:39 - 00000000 ____D () C:\Users\sveni\AppData\Local\Spotify
2014-04-03 09:51 - 2014-04-14 21:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 21:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 17:06 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-31 14:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 03:16 - 2014-04-10 12:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 12:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe
2014-03-30 20:09 - 2014-03-30 17:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-30 20:01 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-30 18:54 - 2013-01-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 17:36 - 2013-03-23 10:39 - 00002022 _____ () C:\Users\sveni\Desktop\Spotify.lnk
2014-03-30 17:36 - 2013-03-23 10:39 - 00002008 _____ () C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-30 17:26 - 2014-03-30 16:54 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 17:06 - 2014-03-30 16:54 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-30 17:06 - 2014-03-30 16:54 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results
2014-03-30 16:57 - 2013-01-30 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 16:53 - 2013-09-01 20:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-30 16:53 - 2011-09-17 11:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 16:49 - 2014-03-30 16:50 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp
2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn
2014-03-29 13:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-28 16:38 - 2014-03-30 17:05 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac
2014-03-17 16:18 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\ICH\AppData\Local\Temp\Quarantine.exe
C:\Users\ICH\AppData\Local\Temp\xmlUpdater.exe
C:\Users\sveni\AppData\Local\Temp\AskSLib.dll
C:\Users\sveni\AppData\Local\Temp\chutil.dll
C:\Users\sveni\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\sveni\AppData\Local\Temp\i4jdel0.exe
C:\Users\sveni\AppData\Local\Temp\install_flashplayer10_chra_aih.exe
C:\Users\sveni\AppData\Local\Temp\ptk4gcrl.dll
C:\Users\sveni\AppData\Local\Temp\ResetDevice.exe
C:\Users\sveni\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sveni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-14 22:50

==================== End Of Log ============================
         

Thank you very much for your help!

There was no Addition.txt this time!

Alt 16.04.2014, 20:59   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tick the box next to addition.txt, then click Scan. Otherwise no new addition is created.

__________________
Please always post logfiles in CODE tags

Alt 17.04.2014, 11:38   #14
bm123
 
Okay, I didn't know that,


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by ICH (administrator) on SVENI-PC on 17-04-2014 10:57:24
Running from C:\Users\ICH\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A51FD27CE3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 16:09 - 2014-04-17 10:57 - 00007622 _____ () C:\Users\ICH\Desktop\FRST.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt
2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt
2014-04-16 15:40 - 2014-04-16 15:42 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:40 - 2014-04-16 15:39 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe
2014-04-16 15:40 - 2014-04-16 15:39 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe
2014-04-16 14:43 - 2014-04-16 14:45 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-16 13:07 - 2014-04-17 10:57 - 00000000 ____D () C:\FRST
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable
2014-04-16 13:06 - 2014-04-16 13:05 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe
2014-04-16 13:06 - 2014-04-16 13:05 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe
2014-04-16 13:06 - 2014-04-16 13:04 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe
2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog
2014-04-15 18:39 - 2014-04-15 18:40 - 00000000 ____D () C:\03463972d690932c2a4980ba
2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log
2014-04-14 23:54 - 2014-02-17 21:55 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 23:49 - 2014-04-17 10:56 - 00001058 _____ () C:\Windows\setupact.log
2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 21:46 - 2014-04-17 10:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 21:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 21:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 21:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 21:26 - 2014-04-14 21:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-04-14 21:26 - 2014-04-14 21:27 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part
2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg
2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe
2014-04-10 12:14 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 12:14 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 12:14 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 12:14 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 12:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 12:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 12:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 12:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat
2014-03-30 17:21 - 2014-03-30 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 17:05 - 2014-04-14 20:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG
2014-03-30 17:05 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
2014-03-30 16:54 - 2014-03-31 17:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-30 16:54 - 2014-03-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-30 16:54 - 2014-03-30 17:26 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-30 16:54 - 2014-03-30 17:06 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-30 16:54 - 2014-03-30 17:06 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results
2014-03-30 16:53 - 2014-04-16 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 16:50 - 2014-03-30 16:49 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp
2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac

==================== One Month Modified Files and Folders =======

2014-04-17 10:57 - 2014-04-16 16:09 - 00007622 _____ () C:\Users\ICH\Desktop\FRST.txt
2014-04-17 10:57 - 2014-04-16 13:07 - 00000000 ____D () C:\FRST
2014-04-17 10:56 - 2014-04-14 23:49 - 00001058 _____ () C:\Windows\setupact.log
2014-04-17 10:56 - 2014-04-14 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 10:56 - 2013-06-01 20:02 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn Hamachi
2014-04-17 10:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 18:08 - 2011-09-07 19:27 - 01413095 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 17:51 - 2014-03-30 16:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 17:14 - 2013-02-04 15:09 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job
2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt
2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt
2014-04-16 15:42 - 2014-04-16 15:40 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:39 - 2014-04-16 15:40 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe
2014-04-16 15:39 - 2014-04-16 15:40 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe
2014-04-16 14:45 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-16 14:14 - 2013-02-04 15:09 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable
2014-04-16 13:06 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH
2014-04-16 13:05 - 2014-04-16 13:06 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe
2014-04-16 13:05 - 2014-04-16 13:06 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe
2014-04-16 13:04 - 2014-04-16 13:06 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe
2014-04-16 12:48 - 2009-07-14 19:58 - 00699712 _____ () C:\Windows\system32\perfh007.dat
2014-04-16 12:48 - 2009-07-14 19:58 - 00149820 _____ () C:\Windows\system32\perfc007.dat
2014-04-16 12:48 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 12:47 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH\AppData\Local\VirtualStore
2014-04-16 12:45 - 2014-03-10 20:23 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog
2014-04-16 12:44 - 2011-10-27 20:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-15 18:40 - 2014-04-15 18:39 - 00000000 ____D () C:\03463972d690932c2a4980ba
2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log
2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 23:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-14 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 21:28 - 2014-04-14 21:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-04-14 21:27 - 2014-04-14 21:26 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part
2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg
2014-04-14 20:05 - 2014-03-30 17:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG
2014-04-14 19:25 - 2013-11-23 21:31 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 19:25 - 2011-09-07 20:23 - 00000000 ____D () C:\Windows\Panther
2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe
2014-04-13 17:43 - 2013-03-23 10:36 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Spotify
2014-04-13 17:43 - 2013-03-16 13:59 - 00000000 ____D () C:\Users\sveni\AppData\Local\LogMeIn Hamachi
2014-04-13 17:30 - 2013-01-10 19:51 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Skype
2014-04-11 11:49 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 11:46 - 2012-02-12 12:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 12:04 - 2013-03-23 10:39 - 00000000 ____D () C:\Users\sveni\AppData\Local\Spotify
2014-04-03 09:51 - 2014-04-14 21:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 21:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 17:06 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-31 14:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 03:16 - 2014-04-10 12:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 12:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe
2014-03-30 20:09 - 2014-03-30 17:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-30 20:01 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-30 18:54 - 2013-01-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 17:36 - 2013-03-23 10:39 - 00002022 _____ () C:\Users\sveni\Desktop\Spotify.lnk
2014-03-30 17:36 - 2013-03-23 10:39 - 00002008 _____ () C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-30 17:26 - 2014-03-30 16:54 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe
2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 17:06 - 2014-03-30 16:54 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-30 17:06 - 2014-03-30 16:54 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results
2014-03-30 16:57 - 2013-01-30 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 16:53 - 2013-09-01 20:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-30 16:53 - 2011-09-17 11:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 16:49 - 2014-03-30 16:50 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp
2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn
2014-03-29 13:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-28 16:38 - 2014-03-30 17:05 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac

Some content of TEMP:
====================
C:\Users\ICH\AppData\Local\Temp\Quarantine.exe
C:\Users\ICH\AppData\Local\Temp\xmlUpdater.exe
C:\Users\sveni\AppData\Local\Temp\AskSLib.dll
C:\Users\sveni\AppData\Local\Temp\chutil.dll
C:\Users\sveni\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\sveni\AppData\Local\Temp\i4jdel0.exe
C:\Users\sveni\AppData\Local\Temp\install_flashplayer10_chra_aih.exe
C:\Users\sveni\AppData\Local\Temp\ptk4gcrl.dll
C:\Users\sveni\AppData\Local\Temp\ResetDevice.exe
C:\Users\sveni\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sveni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-14 22:50

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by ICH at 2014-04-17 10:58:23
Running from C:\Users\ICH\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{B0BF4E84-0EE3-4E47-B90E-27B40348E022}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)

==================== Restore Points  =========================

07-04-2014 17:39:13 Windows Update
10-04-2014 18:05:52 Windows Update
11-04-2014 09:44:35 Windows Update
14-04-2014 21:27:47 Windows Update
15-04-2014 16:38:54 Windows Update
16-04-2014 10:43:27 Removed QLBCASL

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16BB62E6-A89B-4DFB-BCE3-F75A23F8B3A9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.)
Task: {2A543878-7A91-4DA1-81D5-2753F4AC716B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4410127F-8756-45D4-9BEF-5CD9D0DCEEE0} - \SpeedUpMyPC Startup ATTENTION ====> No Task File
Task: {61F9AC68-036A-41BA-98A3-3FF4A95D4229} - \SpeedUpMyPC Maintenance ATTENTION ====> No Task File
Task: {7795566C-0694-4F2D-A6C4-CF2722F6E4BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30] (Adobe Systems Incorporated)
Task: {8320BD4E-28C7-426D-9570-5B8A61A14071} - \MySearchDial ATTENTION ====> No Task File
Task: {9572EB78-6F60-4F78-A026-97A81A454122} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C6441921-8992-4C53-B66F-7E7DC726A46C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CC969808-F2C1-4491-9195-E2856F0816C3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.)
Task: {DE11AFC9-B9B4-46CA-A7F2-E3B3C8909E9C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DFDE54CF-55E7-4A27-AD5D-1F4AF4433B76} - System32\Tasks\{F826A647-66EC-4707-99FD-F9875470C78A} => C:\Program Files (x86)\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-08 23:49 - 2011-06-08 23:49 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/17/2014 10:57:46 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/17/2014 10:57:17 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (04/16/2014 04:10:02 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 2039.3 MB
Available physical RAM: 1093.55 MB
Total Pagefile: 4078.61 MB
Available Pagefile: 3004.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:106.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (KONBOOT) (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1DDD9228)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 962 MB) (Disk ID: 000D01D4)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Here you go, I redid both.

17.04.2014, 12:01   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe
C:\Windows\Tasks\APSnotifierPP2.job
C:\Windows\Tasks\APSnotifierPP3.job
C:\Windows\Tasks\APSnotifierPP1.job
C:\Windows\System32\Tasks\APSnotifierPP1
C:\Windows\System32\Tasks\APSnotifierPP3
C:\Windows\System32\Tasks\APSnotifierPP2
C:\Users\ICH\Downloads\SpyHunter-Installer.exe
C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe
C:\Users\ICH\AppData\Roaming\WB.CFG
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\AnyProtectEx
Task: {4410127F-8756-45D4-9BEF-5CD9D0DCEEE0} - \SpeedUpMyPC Startup ATTENTION ====> No Task File
Task: {61F9AC68-036A-41BA-98A3-3FF4A95D4229} - \SpeedUpMyPC Maintenance ATTENTION ====> No Task File
Task: {8320BD4E-28C7-426D-9570-5B8A61A14071} - \MySearchDial ATTENTION ====> No Task File
Task: {C6441921-8992-4C53-B66F-7E7DC726A46C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DE11AFC9-B9B4-46CA-A7F2-E3B3C8909E9C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags
