|
Log-Analyse und Auswertung: Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.04.2014, 12:46 | #1 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Moin, mein Bruder gab mir seinen Laptop. Seine Aussage: Der Internet Explorer hat immer die falsche Startseite, einstellen nüzt nichts und Firefox verweigert die Verbindung mit Proxy-Server! Er selber hatt schon was mit Virescannern versucht, welche weis ich nicht, hat er mir nicht mitgeteilt. Vorher hatte Firefox das selbe Problem wie der IE, nach dem scan kam die o.g. Fehlermeldung. Auf dem Laptop sind zwei Benutzerkonten, Seines und das seiner Tochter. Ich habe die folgenden Logfiles nur auf seinem Konto erstellt! Wenn ich welche mit dem anderen Konto erstellen soll, so sagt es mir bitte. defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 13:06 on 16/04/2014 (ICH) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by ICH (administrator) on SVENI-PC on 16-04-2014 13:08:02 Running from C:\Users\ICH\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation) HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) Startup: C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A51FD27CE3CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default FF user.js: detected! => C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js FF NewTab: chrome://quick_start/content/index.html FF SearchEngineOrder.1: Mysearchdial FF Homepage: hxxp://google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Services (Whitelisted) ================= R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 13:08 - 2014-04-16 13:08 - 00009106 _____ () C:\Users\ICH\Desktop\FRST.txt 2014-04-16 13:07 - 2014-04-16 13:08 - 00000000 ____D () C:\FRST 2014-04-16 13:06 - 2014-04-16 13:06 - 00000468 _____ () C:\Users\ICH\Desktop\defogger_disable.log 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable 2014-04-16 13:06 - 2014-04-16 13:05 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe 2014-04-16 13:06 - 2014-04-16 13:05 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe 2014-04-16 13:06 - 2014-04-16 13:04 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe 2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog 2014-04-15 18:39 - 2014-04-15 18:40 - 00000000 ____D () C:\03463972d690932c2a4980ba 2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log 2014-04-14 23:54 - 2014-02-17 21:55 - 00000426 _____ () C:\AVScanner.ini 2014-04-14 23:49 - 2014-04-16 12:41 - 00000946 _____ () C:\Windows\setupact.log 2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-14 21:46 - 2014-04-16 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 21:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-14 21:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-14 21:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-14 21:26 - 2014-04-14 21:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-04-14 21:26 - 2014-04-14 21:27 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part 2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg 2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe 2014-04-10 12:14 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 12:14 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 12:14 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-10 12:14 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 12:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 12:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 12:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 12:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 12:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 12:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 12:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 12:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 12:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 12:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 12:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 12:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat 2014-03-30 17:21 - 2014-03-30 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 17:05 - 2014-04-16 13:05 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job 2014-03-30 17:05 - 2014-04-14 20:05 - 00003220 _____ () C:\Windows\System32\Tasks\MySearchDial 2014-03-30 17:05 - 2014-04-14 20:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG 2014-03-30 17:05 - 2014-03-30 17:08 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-03-30 17:05 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe 2014-03-30 16:55 - 2014-03-30 16:55 - 00000000 ____D () C:\Users\ICH\AppData\Local\Tuguu_SL 2014-03-30 16:54 - 2014-03-31 17:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-03-30 16:54 - 2014-03-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-03-30 16:54 - 2014-03-30 17:26 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-03-30 16:54 - 2014-03-30 17:06 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-03-30 16:54 - 2014-03-30 17:06 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results 2014-03-30 16:53 - 2014-04-16 12:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-30 16:52 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\WPM 2014-03-30 16:52 - 2014-04-14 22:18 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\SupTab 2014-03-30 16:50 - 2014-03-30 16:50 - 00003208 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance 2014-03-30 16:50 - 2014-03-30 16:49 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp 2014-03-30 16:49 - 2014-04-16 12:50 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-03-30 16:49 - 2014-04-16 12:42 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-03-30 16:49 - 2014-03-30 16:50 - 00002496 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup 2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Uniblue 2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Program Files (x86)\Uniblue 2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 ____D () C:\Users\ICH\AppData\Local\SearchProtect 2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 _____ () C:\END 2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn 2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac ==================== One Month Modified Files and Folders ======= 2014-04-16 13:08 - 2014-04-16 13:08 - 00009106 _____ () C:\Users\ICH\Desktop\FRST.txt 2014-04-16 13:08 - 2014-04-16 13:07 - 00000000 ____D () C:\FRST 2014-04-16 13:06 - 2014-04-16 13:06 - 00000468 _____ () C:\Users\ICH\Desktop\defogger_disable.log 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable 2014-04-16 13:06 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH 2014-04-16 13:05 - 2014-04-16 13:06 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe 2014-04-16 13:05 - 2014-04-16 13:06 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe 2014-04-16 13:05 - 2014-03-30 17:05 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job 2014-04-16 13:04 - 2014-04-16 13:06 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe 2014-04-16 12:51 - 2014-03-30 16:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 12:50 - 2014-03-30 16:49 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-04-16 12:48 - 2011-09-07 19:27 - 01401585 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 12:48 - 2009-07-14 19:58 - 00699712 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 12:48 - 2009-07-14 19:58 - 00149820 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 12:48 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 12:48 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 12:48 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 12:47 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH\AppData\Local\VirtualStore 2014-04-16 12:45 - 2014-03-10 20:23 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog 2014-04-16 12:44 - 2011-10-27 20:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-04-16 12:42 - 2014-03-30 16:49 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-04-16 12:41 - 2014-04-14 23:49 - 00000946 _____ () C:\Windows\setupact.log 2014-04-16 12:41 - 2014-04-14 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 12:41 - 2013-06-01 20:02 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn Hamachi 2014-04-16 12:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-15 18:40 - 2014-04-15 18:39 - 00000000 ____D () C:\03463972d690932c2a4980ba 2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log 2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-14 23:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-14 23:14 - 2013-02-04 15:09 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job 2014-04-14 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-14 22:20 - 2014-03-30 16:52 - 00000000 ____D () C:\ProgramData\WPM 2014-04-14 22:18 - 2014-03-30 16:52 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\SupTab 2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 21:28 - 2014-04-14 21:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-04-14 21:27 - 2014-04-14 21:26 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part 2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg 2014-04-14 20:05 - 2014-03-30 17:05 - 00003220 _____ () C:\Windows\System32\Tasks\MySearchDial 2014-04-14 20:05 - 2014-03-30 17:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG 2014-04-14 19:25 - 2013-11-23 21:31 - 00000000 ____D () C:\Windows\Minidump 2014-04-14 19:25 - 2011-09-07 20:23 - 00000000 ____D () C:\Windows\Panther 2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe 2014-04-13 17:43 - 2013-03-23 10:36 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Spotify 2014-04-13 17:43 - 2013-03-16 13:59 - 00000000 ____D () C:\Users\sveni\AppData\Local\LogMeIn Hamachi 2014-04-13 17:38 - 2013-02-04 15:09 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job 2014-04-13 17:30 - 2013-01-10 19:51 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Skype 2014-04-11 11:49 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 11:46 - 2012-02-12 12:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 12:04 - 2013-03-23 10:39 - 00000000 ____D () C:\Users\sveni\AppData\Local\Spotify 2014-04-03 09:51 - 2014-04-14 21:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-14 21:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-14 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 17:06 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-03-31 14:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-31 03:16 - 2014-04-10 12:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-10 12:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe 2014-03-30 20:09 - 2014-03-30 17:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-30 20:01 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-03-30 18:54 - 2013-01-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 17:36 - 2013-03-23 10:39 - 00002022 _____ () C:\Users\sveni\Desktop\Spotify.lnk 2014-03-30 17:36 - 2013-03-23 10:39 - 00002008 _____ () C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-03-30 17:26 - 2014-03-30 16:54 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe 2014-03-30 17:08 - 2014-03-30 17:05 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 17:06 - 2014-03-30 16:54 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-03-30 17:06 - 2014-03-30 16:54 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results 2014-03-30 16:57 - 2013-01-30 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-30 16:55 - 2014-03-30 16:55 - 00000000 ____D () C:\Users\ICH\AppData\Local\Tuguu_SL 2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-30 16:53 - 2013-09-01 20:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-30 16:53 - 2011-09-17 11:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 16:50 - 2014-03-30 16:50 - 00003208 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance 2014-03-30 16:50 - 2014-03-30 16:49 - 00002496 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup 2014-03-30 16:49 - 2014-03-30 16:50 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp 2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Uniblue 2014-03-30 16:48 - 2014-03-30 16:48 - 00000000 ____D () C:\Program Files (x86)\Uniblue 2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 ____D () C:\Users\ICH\AppData\Local\SearchProtect 2014-03-30 16:45 - 2014-03-30 16:45 - 00000000 _____ () C:\END 2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn 2014-03-29 13:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-03-28 16:38 - 2014-03-30 17:05 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe 2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac 2014-03-17 16:18 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\sveni\AppData\Local\Temp\AskSLib.dll C:\Users\sveni\AppData\Local\Temp\chutil.dll C:\Users\sveni\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\sveni\AppData\Local\Temp\i4jdel0.exe C:\Users\sveni\AppData\Local\Temp\install_flashplayer10_chra_aih.exe C:\Users\sveni\AppData\Local\Temp\ptk4gcrl.dll C:\Users\sveni\AppData\Local\Temp\ResetDevice.exe C:\Users\sveni\AppData\Local\Temp\SkypeSetup.exe C:\Users\sveni\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-14 22:50 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 Ran by ICH at 2014-04-16 13:08:55 Running from C:\Users\ICH\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{B0BF4E84-0EE3-4E47-B90E-27B40348E022}) (Version: 25.0.571.0 - Hewlett-Packard Co.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated) ==================== Restore Points ========================= 18-03-2014 20:21:17 Windows Update 19-03-2014 14:22:16 Windows Update 23-03-2014 18:20:35 Windows Update 28-03-2014 13:22:58 Windows Update 30-03-2014 14:47:14 Uniblue SpeedUpMyPC installation 30-03-2014 14:56:40 Removed Adobe Flash Player 11 ActiveX. 30-03-2014 15:21:24 Installed SpyHunter 30-03-2014 18:03:47 Removed SpyHunter 30-03-2014 18:05:39 Removed SpyHunter 30-03-2014 18:07:45 Removed SpyHunter 30-03-2014 18:08:29 Removed SpyHunter 30-03-2014 22:04:10 Avira EU-Cleaner - 31.03.2014 00:04 01-04-2014 15:52:23 Windows Update 07-04-2014 17:39:13 Windows Update 10-04-2014 18:05:52 Windows Update 11-04-2014 09:44:35 Windows Update 14-04-2014 21:27:47 Windows Update 15-04-2014 16:38:54 Windows Update 16-04-2014 10:43:27 Removed QLBCASL ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16BB62E6-A89B-4DFB-BCE3-F75A23F8B3A9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.) Task: {2A543878-7A91-4DA1-81D5-2753F4AC716B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {4410127F-8756-45D4-9BEF-5CD9D0DCEEE0} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION Task: {61F9AC68-036A-41BA-98A3-3FF4A95D4229} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION Task: {7795566C-0694-4F2D-A6C4-CF2722F6E4BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30] (Adobe Systems Incorporated) Task: {8320BD4E-28C7-426D-9570-5B8A61A14071} - System32\Tasks\MySearchDial => C:\Users\ICH\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {9572EB78-6F60-4F78-A026-97A81A454122} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {C6441921-8992-4C53-B66F-7E7DC726A46C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {CC969808-F2C1-4491-9195-E2856F0816C3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.) Task: {DE11AFC9-B9B4-46CA-A7F2-E3B3C8909E9C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {DFDE54CF-55E7-4A27-AD5D-1F4AF4433B76} - System32\Tasks\{F826A647-66EC-4707-99FD-F9875470C78A} => C:\Program Files (x86)\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\ICH\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2011-06-08 23:49 - 2011-06-08 23:49 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2014 00:44:30 PM) (Source: Microsoft-Windows-RestartManager) (User: sveni-PC) Description: Die Anwendung oder der Dienst "hpqwmiex" konnte nicht neu gestartet werden. Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) System errors: ============= Error: (04/16/2014 00:42:25 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (04/16/2014 00:38:56 PM) (Source: Microsoft-Windows-DriverFrameworks-UserMode) (User: NT-AUTORITÄT) Description: Das Treiberpaket konnte nicht installiert werden. Der letzte Status war "1115". Error: (04/16/2014 00:35:05 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 15.04.2014 um 18:39:39 unerwartet heruntergefahren. Error: (04/14/2014 11:52:07 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (04/14/2014 11:51:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/14/2014 11:51:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (04/14/2014 10:18:52 PM) (Source: DCOM) (User: ) Description: {06622D85-6856-4460-8DE1-A81921B41C4B} Error: (04/14/2014 07:45:59 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. Error: (04/14/2014 07:08:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140966905 Error: (04/14/2014 07:08:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140966905 Microsoft Office Sessions: ========================= Error: (04/16/2014 00:44:30 PM) (Source: Microsoft-Windows-RestartManager)(User: sveni-PC) Description: 0hpqWmiEx.exehpqwmiex03026217830600 Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2014 11:51:24 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (04/14/2014 11:51:20 PM) (Source: Windows Search Service)(User: ) Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 2037.88 MB Available physical RAM: 1129.94 MB Total Pagefile: 4075.77 MB Available Pagefile: 2917.08 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.05 GB) (Free:106.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1DDD9228) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-16 13:18:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-00VAT0 rev.11.01A11 149,05GB Running: Gmer-19357.exe; Driver: C:\Users\ICH\AppData\Local\Temp\pgloypog.sys ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:3992] 0000000076f47587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:2548] 00000000745f7712 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:468] 00000000773b2e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:1920] 00000000773b3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:2524] 00000000773b3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3912:3000] 00000000773b3e85 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{0A499656-1C08-48D6-BF2D-E027948BC8E6}?\Device\{0FAD5763-F823-4325-BAFA-EF6BB46A7167}?\Device\{4E818552-8FD4-498E-96BB-16D6001927CD}?\Device\{1E999E6A-5029-42F2-BB9B-CFE48FAD23EB}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{0A499656-1C08-48D6-BF2D-E027948BC8E6}"?"{0FAD5763-F823-4325-BAFA-EF6BB46A7167}"?"{4E818552-8FD4-498E-96BB-16D6001927CD}"?"{1E999E6A-5029-42F2-BB9B-CFE48FAD23EB}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{0A499656-1C08-48D6-BF2D-E027948BC8E6}?\Device\TCPIP6TUNNEL_{0FAD5763-F823-4325-BAFA-EF6BB46A7167}?\Device\TCPIP6TUNNEL_{4E818552-8FD4-498E-96BB-16D6001927CD}?\Device\TCPIP6TUNNEL_{1E999E6A-5029-42F2-BB9B-CFE48FAD23EB}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E818552-8FD4-498E-96BB-16D6001927CD}@InterfaceName isatap.{DCD2706F-1E03-4BFA-9C58-C569D4F71B34} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E818552-8FD4-498E-96BB-16D6001927CD}@ReusableType 0 ---- EOF - GMER 2.1 ---- MfG Björn |
16.04.2014, 12:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
16.04.2014, 13:02 | #3 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Moin,
__________________leider habe ich keine anderen Logs, außer die, die ich selbst angelegt habe. Ich weiß nicht was er da genau gemacht hat, jedenfalss sind keine Logs vorhanden, habe eben extra in beiden Konten nachgeschaut. Edit: Ich muss noch was anfügen: Er hat scheinbar Malwarebytes Anti-Malware installiert, was mich verwundert: eine Trail Version? Ich dachte das wäre Freeware? |
16.04.2014, 13:13 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbungZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2014, 13:30 | #5 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Moin, ich habe noch ein Log gefunden! Wenn ich Malwarebytes sage das ich es exportieren möchte, stürzt das Programm ab. Deshalb hier der inhalt der MBAM Log xml datei, ich hoffe das ist so ok? Code:
ATTFilter 2014/04/14 22:17:09 +0200 mbam-log-2014-04-14 (21-56-12).xml yes 2.00.1.1004 v2014.04.14.07 v2014.03.27.01 trial enabled enabled disabled Windows 7 Service Pack 1 x64 ICH NTFS threat completed 266519 1254 5 2 60 10 16 54 447 0 enabled enabled enabled enabled disabled disabled enabled enabled enabled C:\ProgramData\IePluginService\PluginService.exePUP.Optional.IePluginService.Adelete-on-reboot11925ae571b9daa162d4dbd82f218d742ed2 C:\ProgramData\WPM\wprotectmanager.exePUP.Optional.WpManagerdelete-on-reboot129244fb9595c6b5989eb553dd7eb74ab749 C:\Program Files (x86)\Re-markit Corp\Re-markit158.exePUP.Optional.ReMarkit.Adelete-on-reboot170847f847e396e5191d266fb0bd62a0ad53 C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exePUP.Optional.ReMarkIt.Adelete-on-reboot2072be81de4cd9a2db5be73c88daf80a9a66 C:\Program Files (x86)\HQVid8\HQVid8-bg.exePUP.Optional.HQVid.Adelete-on-reboot17768073893973546f640810475efcc36c33d C:\Program Files (x86)\SupTab\DpInterface32.dllPUP.Optional.SupTab.Adelete-on-reboot72cda585fa812e08e67a2551b74b0cf4 C:\Program Files (x86)\Re-markit Corp\Re-markit158.dllPUP.Optional.ReMarkIt.Adelete-on-rebootbe81de4cd9a2db5be73c88daf80a9a66 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServicePUP.Optional.IePluginService.Asuccess5ae571b9daa162d4dbd82f218d742ed2 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WpmPUP.Optional.WpManagersuccess44fb9595c6b5989eb553dd7eb74ab749 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccess40ff53d765169e9819cf848f50b28f71 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}PUP.Optional.VShareRedirsuccess2a15a3872e4db87e6e08e343e61cb24e HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}PUP.Optional.VShareRedirsuccessb9862802f6856ec845305ec855ad43bd HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvcPUP.Optional.MySearchDial.Asuccess93ac31f9502b0e280cd59cac27db966a HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1PUP.Optional.MySearchDial.Asuccess152ab07a215a1125fde485c3e61cc43c HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvcPUP.Optional.MySearchDial.Asuccess152ab07a215a1125fde485c3e61cc43c HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1PUP.Optional.MySearchDial.Asuccess152ab07a215a1125fde485c3e61cc43c HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHOPUP.Optional.CrossRider.Asuccess1c23c86233480135f1ddd0c0788b1ce4 HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHO.1PUP.Optional.CrossRider.Asuccess4ef11d0db8c31a1c844a2f610ff47987 HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.SandboxPUP.Optional.CrossRider.Asuccessca7564c62f4cbb7b507e1080a261db25 HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.Sandbox.1PUP.Optional.CrossRider.Asuccessb68907233a41bf778747f29e9c677b85 HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058PUP.Optional.CrossRider.Asuccess3f005ecc324968ce13a7bfad33cf956b HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success51ee01292457c17506aa3c5fba49867a HKLM\SOFTWARE\WOW6432NODE\HQVid8PUP.Optional.HQVid.Asuccess91ae50da75069d998103b3b646bccc34 HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftwarePUP.Optional.WebsSearches.Asuccessb78864c6542786b0cccfe3893cc6e31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHOPUP.Optional.CrossRider.Asuccessf04f35f506754ceaab23f59be91a5aa6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHO.1PUP.Optional.CrossRider.Asuccessd36c52d8027966d01ab4b4dc08fb9a66 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.SandboxPUP.Optional.CrossRider.Asuccess2f10bf6b2b5064d22da17f114cb7748c HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.Sandbox.1PUP.Optional.CrossRider.Asuccess51ee89a1f38874c2ede1840c12f1a858 HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058PUP.Optional.CrossRider.Asuccess80bffa3098e3df57ecceda92dd252cd4 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success6ed1c664f28996a0dcd4950648bbcb35 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markitPUP.Optional.ReMarkit.Asuccess47f847e396e5191d266fb0bd62a0ad53 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8PUP.Optional.HQVid.Asuccess17289793116a360062207fea30d27090 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplusPUP.Optional.MediaPlayerplus.Asuccess46f925054b30fe38a322541735cdc739 HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.comPUP.Optional.MySearchDial.Asuccess9ea1f238e695be78c227dcb4dc27ad53 HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CrossriderPUP.Optional.CrossRider.Asuccess3b0444e6daa1e0562e4b3e6641c28f71 HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8PUP.Optional.HQVid.Asuccessee5168c2df9c7abcf48e6207f210ac54 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MySearchDialPUP.Optional.MySearchDial.Asuccess94ab7cae6c0fe3535098731dbb488a76 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.comPUP.Optional.MySearchDial.Asuccess0c336fbb83f8a29472778e02cb385fa1 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CrossriderPUP.Optional.CrossRider.Asuccess60df57d3bcbf03332158dbc9cb38916f HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8PUP.Optional.HQVid.Asuccessfc43be6c413a142286fc0564b34f6898 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Asuccessbe8156d4bac13501beeb5623e1216f91 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Asuccess89b6200acfacfd39fde749462fd49f61 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058PUP.Optional.CrossRider.Asuccess1728e2480477cd697a417eee18ea7b85 HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\High-QualityV8PUP.Optional.CrossRider.Asuccess8db2c16982f98da9c6a20662758d53ad HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success1e21a6844b3054e2e9c683188f7435cb HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}\INPROCSERVER32PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511311172}PUP.Optional.HQVid.Asuccess073893973546f640810475efcc36c33d HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}PUP.Optional.VShareRedirsuccess |
16.04.2014, 13:36 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Das ist keine XML-Datei. Öffne die XML-Datei mit einem Editor wie Notepad++ und poste den Inhalt des Logs 1:1 hier in CODE-Tags.
__________________ --> Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung |
16.04.2014, 13:52 | #7 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Bitte entschuldige. Das Log ist zu lang, ich bekam die Meldung, ich soll es bitte als zip anhängen. |
16.04.2014, 14:09 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbungLesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2014, 14:15 | #9 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Tut mir leid, aber über all in den Anleitungen steht, dass man es zippen soll wenns zu groß ist und da mir die Foren Software dies auch mitteielte habe ich es so gemacht. Wenn ihr das nicht wollt, wieso steht es denn da? Das erschwert mir auch die Arbeit! So weiter: Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2014/04/14 22:17:09 +0200</date> <log>mbam-log-2014-04-14 (21-56-12).xml</log> <isadmin>yes</isadmin> </header> <engine> <version>2.00.1.1004</version> <rules-database>v2014.04.14.07</rules-database> <swissarmy-database>v2014.03.27.01</swissarmy-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>ICH</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>266519</objects> <time>1254</time> <processes>5</processes> <modules>2</modules> <keys>60</keys> <values>10</values> <datas>16</datas> <folders>54</folders> <files>447</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <shuriken>enabled</shuriken> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <process><path>C:\ProgramData\IePluginService\PluginService.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><pid>1192</pid><hash>5ae571b9daa162d4dbd82f218d742ed2</hash></process> <process><path>C:\ProgramData\WPM\wprotectmanager.exe</path><vendor>PUP.Optional.WpManager</vendor><action>delete-on-reboot</action><pid>1292</pid><hash>44fb9595c6b5989eb553dd7eb74ab749</hash></process> <process><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe</path><vendor>PUP.Optional.ReMarkit.A</vendor><action>delete-on-reboot</action><pid>1708</pid><hash>47f847e396e5191d266fb0bd62a0ad53</hash></process> <process><path>C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><pid>2072</pid><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></process> <process><path>C:\Program Files (x86)\HQVid8\HQVid8-bg.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><pid>17768</pid><hash>073893973546f640810475efcc36c33d</hash></process> <module><path>C:\Program Files (x86)\SupTab\DpInterface32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></module> <module><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></module> <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>5ae571b9daa162d4dbd82f218d742ed2</hash></key> <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm</path><vendor>PUP.Optional.WpManager</vendor><action>success</action><hash>44fb9595c6b5989eb553dd7eb74ab749</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}</path><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><hash>2a15a3872e4db87e6e08e343e61cb24e</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</path><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><hash>b9862802f6856ec845305ec855ad43bd</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>93ac31f9502b0e280cd59cac27db966a</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>152ab07a215a1125fde485c3e61cc43c</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>152ab07a215a1125fde485c3e61cc43c</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>152ab07a215a1125fde485c3e61cc43c</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1c23c86233480135f1ddd0c0788b1ce4</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>4ef11d0db8c31a1c844a2f610ff47987</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>ca7564c62f4cbb7b507e1080a261db25</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0053172.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>b68907233a41bf778747f29e9c677b85</hash></key> <key><path>HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>3f005ecc324968ce13a7bfad33cf956b</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>51ee01292457c17506aa3c5fba49867a</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>91ae50da75069d998103b3b646bccc34</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>b78864c6542786b0cccfe3893cc6e31d</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f04f35f506754ceaab23f59be91a5aa6</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d36c52d8027966d01ab4b4dc08fb9a66</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>2f10bf6b2b5064d22da17f114cb7748c</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0053172.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>51ee89a1f38874c2ede1840c12f1a858</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>80bffa3098e3df57ecceda92dd252cd4</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>6ed1c664f28996a0dcd4950648bbcb35</hash></key> <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markit</path><vendor>PUP.Optional.ReMarkit.A</vendor><action>success</action><hash>47f847e396e5191d266fb0bd62a0ad53</hash></key> <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>17289793116a360062207fea30d27090</hash></key> <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus</path><vendor>PUP.Optional.MediaPlayerplus.A</vendor><action>success</action><hash>46f925054b30fe38a322541735cdc739</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9ea1f238e695be78c227dcb4dc27ad53</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>3b0444e6daa1e0562e4b3e6641c28f71</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>ee5168c2df9c7abcf48e6207f210ac54</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MySearchDial</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>94ab7cae6c0fe3535098731dbb488a76</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>0c336fbb83f8a29472778e02cb385fa1</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>60df57d3bcbf03332158dbc9cb38916f</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>fc43be6c413a142286fc0564b34f6898</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>be8156d4bac13501beeb5623e1216f91</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>89b6200acfacfd39fde749462fd49f61</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1728e2480477cd697a417eee18ea7b85</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\High-QualityV8</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>8db2c16982f98da9c6a20662758d53ad</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>1e21a6844b3054e2e9c683188f7435cb</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}\INPROCSERVER32</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <key><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511311172}</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></key> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata>;áÃzÊ;XA³0öm»Áµ</valuedata><hash>b9862802f6856ec845305ec855ad43bd</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata>;áÃzÊ;XA³0öm»Áµ</valuedata><hash>b9862802f6856ec845305ec855ad43bd</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</path><valuename></valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata></valuedata><hash>132c2703126986b05520f92da65c7c84</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}</path><valuename></valuename><vendor>PUP.Optional.VShareRedir</vendor><action>success</action><valuedata></valuedata><hash>89b643e7116a2e08afc643e343bf1ee2</hash></value> <value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>quick_start@gmail.com</valuename><vendor>PUP.Optional.QuickStart.A</vendor><action>success</action><valuedata>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\extensions\quick_start@gmail.com</valuedata><hash>e05f002a6d0ec571fe5a73fadf230ff1</hash></value> <value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM</path><valuename>ImagePath</valuename><vendor>PUP.Optional.WpManager.A</vendor><action>success</action><valuedata>C:\ProgramData\WPM\wprotectmanager.exe -service</valuedata><hash>b98634f6e4972610305e2f7128db24dc</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>ProxyServer</valuename><vendor>PUM.Bad.Proxy</vendor><action>success</action><valuedata>http=127.0.0.1:13828</valuedata><hash>97a836f42f4c1323d6fec8e040c35aa6</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0A2O1C1R1H2Z1S1G1M1F</valuedata><hash>89b6200acfacfd39fde749462fd49f61</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>ProxyServer</valuename><vendor>PUM.Bad.Proxy</vendor><action>success</action><valuedata>http=127.0.0.1:13828</valuedata><hash>4af5a387dba08caafed67d2bcf34c838</hash></value> <value><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>{5ae66703-77f8-4623-8c81-9ba769053c03}</valuename><vendor>PUP.Optional.ReMarkIT.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\Re-markit Corp\158.xpi</valuedata><hash>91ae1d0de6955adc42aee485f40e6a96</hash></value> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SupTab\SEARCH~1.DLL</valuedata><baddata>C:\PROGRA~2\SupTab\SEARCH~1.DLL</baddata><gooddata></gooddata><hash>72cda585fa812e08e67a2551b74b0cf4</hash></data> <data><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SupTab\SEARCH~2.DLL</valuedata><baddata>C:\PROGRA~2\SupTab\SEARCH~2.DLL</baddata><gooddata></gooddata><hash>72cda585fa812e08e67a2551b74b0cf4</hash></data> <data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>firefox.exe</gooddata><hash>1f2086a435462412e7e22aee976d59a7</hash></data> <data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>iexplore.exe</gooddata><hash>310e61c97ffc21159931948433d136ca</hash></data> <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>65daee3cfd7e7db9b21b50c8966e3bc5</hash></data> <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>hxxp://istart.webssearches.com/?type=hp&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>www.google.com</gooddata><hash>043bcb5f6e0d66d08547fb1d15eff808</hash></data> <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><valuedata>hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=</valuedata><baddata>hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>e25dc06af4874de94bd8de4450b43ec2</hash></data> <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>58e770bab8c39f976555938f73919c64</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>firefox.exe</gooddata><hash>9aa548e286f51a1c3594a67254b0c43c</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>iexplore.exe</gooddata><hash>bc83c06a4a31f73f3694c35512f260a0</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639&q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>c877e842106b9e98933a75a3ce368977</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</valuedata><baddata>hxxp://istart.webssearches.com/?type=hp&ts=1396190897&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639</baddata><gooddata>www.google.com</gooddata><hash>1e212406a8d3d95da428bf59db2908f8</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><valuedata>hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=</valuedata><baddata>hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>b48ba783d1aabe7869bafa28b64e7090</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>320d260497e44beb8d2d70b2f311cc34</hash></data> <data><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>Hijack.StartPage</vendor><action>replaced</action><valuedata>hxxp://startsear.ch/?aff=1</valuedata><baddata>hxxp://startsear.ch/?aff=1</baddata><gooddata>hxxp://www.google.com</gooddata><hash>19260921a1da93a3b61a71aa36ce629e</hash></data> <data><path>HKU\S-1-5-21-3090529953-2460283286-818632398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><valuedata>hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=</valuedata><baddata>hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>102f76b42b5077bf47db82a0cf35ae52</hash></data> <folder><path>C:\Program Files (x86)\SupTab</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\img</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\img\weather</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\en-US</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\es-419</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\es-ES</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\it-CH</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\it-IT</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\pl</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\pt</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\ru</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></folder> <folder><path>C:\Users\ICH\AppData\Local\Lollipop</path><vendor>Adware.LolliPop.IT</vendor><action>success</action><hash>59e60c1e8dee64d2342520583cc71ae6</hash></folder> <folder><path>C:\Users\ICH\AppData\Roaming\mysearchdial</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></folder> <folder><path>C:\Users\ICH\AppData\Roaming\mysearchdial\icons_2.18.2.0</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></folder> <folder><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></folder> <folder><path>C:\ProgramData\IePluginService</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><hash>e25d42e8a7d43ef82459a9b550b2fe02</hash></folder> <folder><path>C:\ProgramData\IePluginService\update</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>e25d42e8a7d43ef82459a9b550b2fe02</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults\preferences</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\locale</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\locale\en-US</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\components</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder> <folder><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></folder> <folder><path>C:\Program Files (x86)\Re-markit Corp</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></folder> <folder><path>C:\Users\ICH\AppData\Roaming\webssearches</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></folder> <folder><path>C:\Users\ICH\AppData\Roaming\webssearches\images</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></folder> <folder><path>C:\Program Files (x86)\HQVid8</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><hash>073893973546f640810475efcc36c33d</hash></folder> <file><path>C:\ProgramData\IePluginService\PluginService.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><hash>5ae571b9daa162d4dbd82f218d742ed2</hash></file> <file><path>C:\ProgramData\WPM\wprotectmanager.exe</path><vendor>PUP.Optional.WpManager</vendor><action>delete-on-reboot</action><hash>44fb9595c6b5989eb553dd7eb74ab749</hash></file> <file><path>C:\Program Files (x86)\SupTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff53d765169e9819cf848f50b28f71</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\SupTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>40ff72b8b7c4350194b6a1948878ed13</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>d26d002a6912c2747149610656ac4cb4</hash></file> <file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1e217ab00873181e240f0269966cc13f</hash></file> <file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>94ab002a2259ff37c76cda91cc3625db</hash></file> <file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>eb5498921b609b9ba58e1259a35fe31d</hash></file> <file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>221d4fdb700b3cfac2710d5e7e84728e</hash></file> <file><path>C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>7ac5fe2c5d1e191d8fa4006bbb47d32d</hash></file> <file><path>C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>c7782cfe126956e05f3eb1bb2fd3f808</hash></file> <file><path>C:\Windows\Tasks\Re-markit Update.job</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>49f63ded2754d165dcba8be22bd760a0</hash></file> <file><path>C:\Windows\Tasks\Re-markit_wd.job</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>7bc46bbfb3c861d5d6c0dc915fa3a15f</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\searchplugins\Mysearchdial.xml</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>1a25bf6b85f6d85e6a8cb7b73bc7629e</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\searchplugins\Mysearchdial.xml</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>b58a002ad5a67bbb728491ddcd3557a9</hash></file> <file><path>C:\Program Files (x86)\SupTab\install.data</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\DpInterface32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\DpInterface64.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\DpInterfacef32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\ient.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\RSHP.exe</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\SearchProtect32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\SearchProtect64.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\SpAPPSv32.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\SpAPPSv64.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\uninstall.exe</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\data.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\indexIE.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\indexIE8.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\main.css</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\style.css</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\ver.txt</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\arrow.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\default_add_logo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\default_logo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\googlelogo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\googlelogo2.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\google_trends.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\icon128.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\icon16.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\icon48.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\loading.gif</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\logo32.ico</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\27.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\0.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\1.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\10.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\11.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\12.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\13.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\14.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\15.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\16.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\17.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\18.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\19.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\2.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\20.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\21.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\22.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\23.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\24.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\25.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\26.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\28.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\29.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\3.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\30.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\31.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\32.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\33.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\34.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\35.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\36.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\37.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\38.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\39.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\4.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\40.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\41.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\42.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\43.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\44.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\45.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\46.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\47.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\5.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\6.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\7.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\8.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\img\weather\9.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\background.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\common.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\ga.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\ie8.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\jquery-base.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\js.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\library.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\js\xagainit.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>72cda585fa812e08e67a2551b74b0cf4</hash></file> <file><path>C:\Users\ICH\AppData\Local\Lollipop\lollipop.bat</path><vendor>Adware.LolliPop.IT</vendor><action>success</action><hash>59e60c1e8dee64d2342520583cc71ae6</hash></file> <file><path>C:\Users\ICH\AppData\Local\Lollipop\Lollipop.exe</path><vendor>Adware.LolliPop.IT</vendor><action>success</action><hash>59e60c1e8dee64d2342520583cc71ae6</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe</path><vendor>PUP.Optional.ReMarkit.A</vendor><action>delete-on-reboot</action><hash>47f847e396e5191d266fb0bd62a0ad53</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\config.dat</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\info.dat</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9da2101a96e5cb6b148cb9a230d22bd5</hash></file> <file><path>C:\ProgramData\IePluginService\update\conf</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>e25d42e8a7d43ef82459a9b550b2fe02</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome.manifest</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\install.rdf</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\background.html</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\baseObject.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\browser.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\dialog.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\ffCoreFilesIndex.txt</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\main.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\options.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\options.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\platformVersion.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\search_dialog.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\asyncDB.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\background.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\browserAction.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\contextMenu.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\dbManager.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\dom_bg.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\fileManager.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\firefox.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\firefoxNotifications.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\firefoxOmnibox.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\message.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\pageAction.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\request.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\tabs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\webRequest.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\api\windowsMessagingHandler.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\addressBarChangeObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\console.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\consts.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\delegate.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\extensionDataStore.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\folderIOWrapper.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\httpObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\IDBWrapper.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\installer.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\logFile.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\progressListenerObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\registry.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\reloadObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\reports.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\requestObject.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\searchSettings.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\uninstallObserver.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\updateManager.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\utils.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\chrome\content\core\xhr.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults\preferences\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\manifest.xml</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\1.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\102.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\103.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\104.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\119.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\13.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\14.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\16.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\17.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\177.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\178.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\179.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\180.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\182.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\183.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\184.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\191.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\207.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\21.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\22.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\223.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\231.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\232.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\242.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\246.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\28.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\4.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\47.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\64.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\72.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\78.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\93.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\98.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode\background.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode\extension.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\locale\en-US\translations.dtd</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button1.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> |
16.04.2014, 14:16 | #10 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbungCode:
ATTFilter <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button2.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button3.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button4.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\button5.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\crossrider_statusbar.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon128.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon16.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon24.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\icon48.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\panelarrow-up.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\popup.html</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\skin.css</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\skin\update.css</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc632802b4c7e84e00859bc68979a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\chrome.manifest</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\install.rdf</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\components\FFDisp.dll</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\dpk.htm</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\hlprs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\loader.xul</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\mtstart.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.css</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.xul</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\serp.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\tmplt.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\arwDwn.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\closeo.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\help_16.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\home.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\icon_seperator.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\logo.PNG</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\privecy_16_hot.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\sign.jpg</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\specialoffer.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\tellafriend.gif</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ae.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\bg.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ch.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cn.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cz.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\de.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\eg.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\en.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\es.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\fr.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\gr.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\he.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\il.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\it.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ja.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\jp.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\nl.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\no.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pl.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pt.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ro.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ru.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sa.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\se.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sv.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\tr.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ua.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\us.png</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF\manifest.mf</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.rsa</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.sf</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>9fa0aa80f18a3bfbbcfe322f699922de</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\158.crx</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\158.dat</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\158.xpi</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\a.db</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\b.db</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.bin</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit158.ini</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>delete-on-reboot</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\ReMar.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Sqlite3.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Program Files (x86)\Re-markit Corp\Uninstall.exe</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action>success</action><hash>be81de4cd9a2db5be73c88daf80a9a66</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\92.json</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\uninstallDlg.xml</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\UninstallManager.exe</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\bg1.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\button1.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\checked.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\close.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\min.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\Thumbs.db</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\webssearches\images\unchecked.png</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>4bf468c26c0f64d23c79c59d34ce728e</hash></file> <file><path>C:\Program Files (x86)\HQVid8\53172.crx</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\53172.xpi</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\background.html</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\HQVid8-bg.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>delete-on-reboot</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\HQVid8-bho.dll</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\HQVid8-bho64.dll</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\HQVid8-codedownloader.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\HQVid8.ico</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\Uninstall.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Program Files (x86)\HQVid8\utils.exe</path><vendor>PUP.Optional.HQVid.A</vendor><action>success</action><hash>073893973546f640810475efcc36c33d</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref("extensions.crossrider.bic", "14513781b1beed9302e71ba40939acf5");</baddata><gooddata></gooddata><hash>221dd753bbc0a591ee879cb11be9be42</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.AL", 2);</baddata><gooddata></gooddata><hash>09364fdb2b508da9f983113c15efd52b</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.aflt", "cmi_14_13_ff");</baddata><gooddata></gooddata><hash>2e1169c183f8e94d027a65e842c28878</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");</baddata><gooddata></gooddata><hash>320df2383c3f0d299ddf004d15ef13ed</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q");</baddata><gooddata></gooddata><hash>1a259694d2a9bd79205c56f7ac5803fd</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cntry", "DE");</baddata><gooddata></gooddata><hash>88b7dd4d9cdff6408cf04efffa0a4bb5</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cr", "960138954");</baddata><gooddata></gooddata><hash>9aa51515403b999d126a3c1159ab5ca4</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltLng", "");</baddata><gooddata></gooddata><hash>0d3279b1374453e34a32f5580df7629e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltSrch", true);</baddata><gooddata></gooddata><hash>2718ea40572474c282fadb7251b33cc4</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dnsErr", true);</baddata><gooddata></gooddata><hash>49f635f59ae15bdb9ae2b19c9a6a03fd</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");</baddata><gooddata></gooddata><hash>ee5114160972db5b17658fbea064748c</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.excTlbr", false);</baddata><gooddata></gooddata><hash>86b9e743e39852e4d7a5fa539a6aa35d</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hdrMd5", "1DC32EA1E2A85726847780FB73701EDB");</baddata><gooddata></gooddata><hash>bc8372b8fd7ee155d1ab6be23fc59c64</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpg", true);</baddata><gooddata></gooddata><hash>211e77b37b0074c2106c59f4c4406a96</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>97a8cc5e8bf033031765103dc63e8779</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://istart.webssearches.com/?type=hp&ts=1396191910&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639");</baddata><gooddata></gooddata><hash>bf808f9b88f3cc6aef8dd37a5ba98d73</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.id", "70F395542C236460");</baddata><gooddata></gooddata><hash>59e62307b6c5ee48304c4b02818354ac</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlDay", "16159");</baddata><gooddata></gooddata><hash>c679052599e2c2740b711c31f90b50b0</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlRef", "140305_b");</baddata><gooddata></gooddata><hash>17289c8edf9c4beb7309df6e669e916f</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.lastB", "hxxp://istart.webssearches.com/?type=hp&ts=1396191910&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639");</baddata><gooddata></gooddata><hash>5ee148e2057689addba1aca1758f936d</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.017:5:3");</baddata><gooddata></gooddata><hash>bd82cf5b1e5dce68adcf4a03d43043bd</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>8fb0b872d0abc373cfadf05d2bd935cb</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"94\",\"lastVrsn\":\"94\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");</baddata><gooddata></gooddata><hash>7ac55eccb7c49a9c1666e06d8b799967</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prdct", "mysearchdial");</baddata><gooddata></gooddata><hash>a29da9811a61b1856c10fb522ed6f709</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");</baddata><gooddata></gooddata><hash>bd82ed3dc0bb3402f98393ba51b3f50b</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.sg", "none");</baddata><gooddata></gooddata><hash>5de2e644413a1e18106cb994fd07e917</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");</baddata><gooddata></gooddata><hash>37085dcd7506181e7efeb994a460e020</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrId", "base");</baddata><gooddata></gooddata><hash>6dd267c3bac1d5613d3f73dad2328b75</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=&q=");</baddata><gooddata></gooddata><hash>1b249a9004770f275824d37adf25cd33</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");</baddata><gooddata></gooddata><hash>0639d555ff7cbd7947357ecf5ea69c64</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");</baddata><gooddata></gooddata><hash>46f9ed3d3f3c6fc78af2a8a5ba4a0ef2</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.newTab", false);</baddata><gooddata></gooddata><hash>3c03ad7d5c1fb97d700cf85530d44ab6</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.smplGrp", "none");</baddata><gooddata></gooddata><hash>e15e89a1a4d7f73fabd11b327b89d030</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:5:3");</baddata><gooddata></gooddata><hash>f34c79b19ae121150874004d52b2e51b</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.aflt", "cmi_14_13_ff");</baddata><gooddata></gooddata><hash>49f64fdb79020b2b730115380004748c</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.instlRef", "140305_b");</baddata><gooddata></gooddata><hash>ac9370ba62197db988ec6ce1f1138977</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.cr", "960138954");</baddata><gooddata></gooddata><hash>d56a50daa8d384b2294bba931ee6966a</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q");</baddata><gooddata></gooddata><hash>c77886a4d5a60f275c180449e02402fe</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpg", true);</baddata><gooddata></gooddata><hash>6fd01a10a2d91e18aecf35188e7610f0</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>f9467ab0e09bab8b403d1835a55f23dd</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltSrch", true);</baddata><gooddata></gooddata><hash>f44b64c6d3a8a98d5a23f55808fcc43c</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");</baddata><gooddata></gooddata><hash>4cf3b3773c3f9e988cf1ada0b64e6b95</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dnsErr", true);</baddata><gooddata></gooddata><hash>52ed84a6a3d88fa7126b4508cf356898</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.newTab", false);</baddata><gooddata></gooddata><hash>9da2a08a6813cd69d4a945088d77bc44</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>86b91911106b3006dca1d8750ff55fa1</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=&q=");</baddata><gooddata></gooddata><hash>82bd4ddda9d257df1964b59815efe11f</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.id", "70F395542C236460");</baddata><gooddata></gooddata><hash>6ad5b674cab1ce68f58894b95ca8ce32</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlDay", "16159");</baddata><gooddata></gooddata><hash>0a35cc5e99e2ad89e994b796768ebd43</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");</baddata><gooddata></gooddata><hash>a69942e8d9a2df576c11eb6237cda957</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");</baddata><gooddata></gooddata><hash>ba852901a8d3df5797e6c48940c442be</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:5:3");</baddata><gooddata></gooddata><hash>2916f2383a41072f6914a3aa30d43fc1</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");</baddata><gooddata></gooddata><hash>340b14163546f93d84f956f7cb3915eb</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prdct", "mysearchdial");</baddata><gooddata></gooddata><hash>2d12b674aad1e84e552814396c980af6</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.aflt", "cmi_14_13_ff");</baddata><gooddata></gooddata><hash>bd8266c4057677bf5d2059f4b054c23e</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.smplGrp", "none");</baddata><gooddata></gooddata><hash>211e2a007ffcda5c86f7cc81bd47b050</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrId", "base");</baddata><gooddata></gooddata><hash>e05f6dbd3a4179bd9fde420ba85c2ad6</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlRef", "140305_b");</baddata><gooddata></gooddata><hash>7fc0909af48778be473661ec4cb816ea</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltLng", "");</baddata><gooddata></gooddata><hash>74cb32f8ed8e33031667e766a75d817f</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");</baddata><gooddata></gooddata><hash>78c7bf6bf18aee48502d3716aa5afe02</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.excTlbr", false);</baddata><gooddata></gooddata><hash>c47bfb2fe8932511a6d7381543c1817f</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cr", "960138954");</baddata><gooddata></gooddata><hash>55ea7eac017a41f5770634191ce8be42</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q");</baddata><gooddata></gooddata><hash>8ab58aa0e19ae74fe994460745bfa55b</hash></file> <file><path>C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.AL", 2);</baddata><gooddata></gooddata><hash>71ceb07a67140630403d3518d62ed729</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref("extensions.crossrider.bic", "1451809b8d78d55f14606bfc06d18eaa");</baddata><gooddata></gooddata><hash>023d4edcfa8113230570ed60d33125db</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.AL", 2);</baddata><gooddata></gooddata><hash>1d2237f3e4972a0c97e57fce996b1ee2</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.aflt", "cmi_14_13_ff");</baddata><gooddata></gooddata><hash>06399199ef8c132387f52726cd37ed13</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");</baddata><gooddata></gooddata><hash>f54a4ddd681373c3c5b73815d331867a</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q");</baddata><gooddata></gooddata><hash>de616ac0fe7dba7c2a521538ba4a7c84</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cntry", "DE");</baddata><gooddata></gooddata><hash>70cfb872413abc7a9edebe8fa064d828</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cr", "960138954");</baddata><gooddata></gooddata><hash>5ae5a783c3b8ff3787f59db0bd478e72</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltLng", "");</baddata><gooddata></gooddata><hash>f9467dad15660e2884f80d4023e1a957</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltSrch", true);</baddata><gooddata></gooddata><hash>57e8ab7fc0bb7eb8f686c78661a326da</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dnsErr", true);</baddata><gooddata></gooddata><hash>ee5163c7bfbce6502953fa53eb198b75</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");</baddata><gooddata></gooddata><hash>92ad11196f0c1125f7852825b450c43c</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.excTlbr", false);</baddata><gooddata></gooddata><hash>9ba486a45724d363c4b8c8854eb646ba</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hdrMd5", "F598D13A9F556AA7FFCF5F546A7F6D42");</baddata><gooddata></gooddata><hash>54eb53d7c3b8af87fb818dc0d03416ea</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpg", true);</baddata><gooddata></gooddata><hash>d966d951eb9086b0a9d3b6978c78936d</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>9ea14fdbd1aaa195c8b45df0fd074cb4</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.id", "70F395542C236460");</baddata><gooddata></gooddata><hash>54eb1e0c6e0d3cfa55273815877d16ea</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlDay", "16159");</baddata><gooddata></gooddata><hash>cb744bdf5e1d8babeb912f1e966e8c74</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlRef", "140305_b");</baddata><gooddata></gooddata><hash>102f55d52b50a492aad2c38aaa5a8e72</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>be81c56595e6c571592358f553b1758b</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.lastVrsnTs", "");</baddata><gooddata></gooddata><hash>340bb67490eb6acca0dc9eaf8e76d729</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>5ae50921f08b61d50f6def5ea064ff01</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");</baddata><gooddata></gooddata><hash>c679cd5d3744a6900874311c966ea060</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prdct", "mysearchdial");</baddata><gooddata></gooddata><hash>9aa54ae05f1c092d2a52bf8e2ed637c9</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");</baddata><gooddata></gooddata><hash>5be40426aecdbf77e696ea637292b848</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.sg", "{smplGrp}");</baddata><gooddata></gooddata><hash>1b24f4368cef52e481fbc28b927208f8</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");</baddata><gooddata></gooddata><hash>f14e1218b9c2a393621a3d1024e0847c</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrId", "base");</baddata><gooddata></gooddata><hash>083736f45328ee48e795d17c40c440c0</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=&q=");</baddata><gooddata></gooddata><hash>9fa0cf5bd0abc6708cf03f0e7f85af51</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");</baddata><gooddata></gooddata><hash>053a1a1091ea79bd2458ae9f60a42bd5</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");</baddata><gooddata></gooddata><hash>cc73f238c9b2d066acd0c4892cd8b44c</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.newTab", false);</baddata><gooddata></gooddata><hash>83bc39f1f6854ee8ec90252872927e82</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.smplGrp", "none");</baddata><gooddata></gooddata><hash>d966c763c1ba84b2fc80212c5ea6db25</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:5:3");</baddata><gooddata></gooddata><hash>45fa53d73447fa3ccdaff954e91b0cf4</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>be8181a96912d6607f3359f40df7659b</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.aflt", "cmi_14_13_ff");</baddata><gooddata></gooddata><hash>eb540f1bef8c93a3e2923e0f9d6705fb</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.instlRef", "140305_b");</baddata><gooddata></gooddata><hash>40ff1c0ee39875c1c1b3ba934aba8d73</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.cr", "960138954");</baddata><gooddata></gooddata><hash>fd42b278dc9f60d6a0d42a23ee16eb15</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q");</baddata><gooddata></gooddata><hash>79c6c6643c3f2313d89ccc81e222817f</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpg", true);</baddata><gooddata></gooddata><hash>eb549d8dd6a5b48296e7ae9fee16b24e</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>ed52ee3c4b307fb7eb9283ca06fedf21</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltSrch", true);</baddata><gooddata></gooddata><hash>1d2233f7afcca78f83fa74d9f80cff01</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");</baddata><gooddata></gooddata><hash>95aad4560e6d979f7508400d41c3e917</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dnsErr", true);</baddata><gooddata></gooddata><hash>f7482efcec8f2016a7d6aaa38084a060</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.newTab", false);</baddata><gooddata></gooddata><hash>8db284a6d0ab1125c2bb2f1eb94bc23e</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=");</baddata><gooddata></gooddata><hash>bf80999186f5f640a2db4ffe2bd90cf4</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q&cr=960138954&ir=&q=");</baddata><gooddata></gooddata><hash>1c230426bcbfbf776d1085c8e91b9e62</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.id", "70F395542C236460");</baddata><gooddata></gooddata><hash>a39c0129ccaf3afceb928cc1d52f59a7</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlDay", "16159");</baddata><gooddata></gooddata><hash>54ebc26892e9db5b04797ecf12f20bf5</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");</baddata><gooddata></gooddata><hash>5de253d7ccaf122409741a33b94bff01</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");</baddata><gooddata></gooddata><hash>6ad5df4b1d5ea88e2756fd5019eb4db3</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:5:3");</baddata><gooddata></gooddata><hash>f34cf3377a0151e569145df071933ec2</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");</baddata><gooddata></gooddata><hash>bf80b575bfbcaa8c8eef4c0106fe9a66</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.prdct", "mysearchdial");</baddata><gooddata></gooddata><hash>52edf2386219e94dbcc15bf20004f907</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.aflt", "cmi_14_13_ff");</baddata><gooddata></gooddata><hash>2718e04aed8eae886c11e36a94701fe1</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial_i.smplGrp", "none");</baddata><gooddata></gooddata><hash>f24df93192e9ac8ab3ca0a431be9bc44</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.tlbrId", "base");</baddata><gooddata></gooddata><hash>a798a9814e2d7eb8d5a8d776fd07c739</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.instlRef", "140305_b");</baddata><gooddata></gooddata><hash>39064ae0ea9185b15d20034ad1339d63</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.dfltLng", "");</baddata><gooddata></gooddata><hash>152a1119c1bae2544b3295b8dd27a759</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");</baddata><gooddata></gooddata><hash>7bc4e545235885b1b3cad17ca85c27d9</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.excTlbr", false);</baddata><gooddata></gooddata><hash>211e52d8c1ba7fb7cab38bc2bb49eb15</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cr", "960138954");</baddata><gooddata></gooddata><hash>b28d0723ceadf442522b0746f70db44c</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAzytGyDzyzy0CtGyBtB0C0EtGyEtDyD0F0FyC0B0D0C0EtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyBtCzyzy0Ezy0CtGtAyEyC0AtGtAtD0EtCtGyDyE0E0FtGyDtC0FyB0EtB0DtBtA0A0DtD2Q");</baddata><gooddata></gooddata><hash>26198aa0592247efea93d875fa0a867a</hash></file> <file><path>C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>replaced</action><baddata>user_pref("extensions.mysearchdial.AL", 2);</baddata><gooddata></gooddata><hash>3d02c8621566211576076de01fe58a76</hash></file> </items> </mbam-log> |
16.04.2014, 14:33 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbungZitat:
Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2014, 15:15 | #12 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Ich finde es ziehmlich verwirrend in einer Anleitung für "neue" etwas vorzuschreiben, wenn es nicht alle Mitglieder öffnen können/dürfen/wollen. Und entschuldige bitte, ich hatte es im ersten Lesestoff überlesen! AdwCleaner: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 15:42:39 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : ICH - SVENI-PC # Gestartet von : C:\Users\ICH\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\uniblue Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin Ordner Gelöscht : C:\Users\ICH\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\ICH\AppData\Local\Tuguu_SL Ordner Gelöscht : C:\Users\ICH\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\ICH\AppData\Roaming\uniblue Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\searchplugins\Startsear.xml Datei Gelöscht : C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\user.js Datei Gelöscht : C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\user.js Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Startup.job Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Startup ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\Users\ICH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\ICH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKLM\Software\IePlugin Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\sveni\AppData\Roaming\Mozilla\Firefox\Profiles\ubgyvdud.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial"); Zeile gelöscht : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.previous_page.value", "%22hxxp%3A//start.mysearchdial.com/%3Ff%3D1%26a%3Dcmi_14_13_ff%26cd%[...] Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,ee5ad154-f909-4cc0-aa51-d7e94e3fb0af%4036204afd-f43e-4917-9c71-8384e2e4d3ad.com:0.94.33,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%[...] Zeile gelöscht : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=6496af50-ff38-11e0-ba7b-70f395542c23&q="); [ Datei : C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial"); Zeile gelöscht : user_pref("extensions.crossrider.bic", "14513781b1beed9302e71ba40939acf5"); Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2); Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "cmi_14_13_ff"); Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0AtD0BzztG0DtAtAz[...] Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE"); Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "960138954"); Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", ""); Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true); Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true); Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...] Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false); Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "1DC32EA1E2A85726847780FB73701EDB"); Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true); Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEt[...] Zeile gelöscht : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://istart.webssearches.com/?type=hp&ts=1396191910&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639"); Zeile gelöscht : user_pref("extensions.mysearchdial.id", "70F395542C236460"); Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16159"); Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_b"); Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://istart.webssearches.com/?type=hp&ts=1396191910&from=tugs&uid=WDCXWD1600BEVS-00VAT0_WD-WXH70837063970639"); Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.017:5:3"); Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCy[...] Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"94\",\"lastVrsn\":\"94\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none"); Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_13_ff&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDyEtB0CtBtAyCyEyCtDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1Czut[...] Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0"); Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0"); Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false); Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:5:3"); ************************* AdwCleaner[R0].txt - [10029 octets] - [16/04/2014 15:41:26] AdwCleaner[S0].txt - [8758 octets] - [16/04/2014 15:42:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8818 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Ultimate x64 Ran by ICH on 16.04.2014 at 15:46:22,79 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\ICH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk" ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\ICH\AppData\Roaming\mozilla\firefox\profiles\iqsjhmlr.default\minidumps [6 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.04.2014 at 16:01:49,64 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by ICH (administrator) on SVENI-PC on 16-04-2014 16:09:53 Running from C:\Users\ICH\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation) HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) Startup: C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A51FD27CE3CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default FF NewTab: chrome://quick_start/content/index.html FF Homepage: hxxp://google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Services (Whitelisted) ================= R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 16:09 - 2014-04-16 16:09 - 00007551 _____ () C:\Users\ICH\Desktop\FRST.txt 2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt 2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt 2014-04-16 15:40 - 2014-04-16 15:42 - 00000000 ____D () C:\AdwCleaner 2014-04-16 15:40 - 2014-04-16 15:39 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe 2014-04-16 15:40 - 2014-04-16 15:39 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe 2014-04-16 14:43 - 2014-04-16 14:45 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-04-16 13:07 - 2014-04-16 16:09 - 00000000 ____D () C:\FRST 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable 2014-04-16 13:06 - 2014-04-16 13:05 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe 2014-04-16 13:06 - 2014-04-16 13:05 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe 2014-04-16 13:06 - 2014-04-16 13:04 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe 2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog 2014-04-15 18:39 - 2014-04-15 18:40 - 00000000 ____D () C:\03463972d690932c2a4980ba 2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log 2014-04-14 23:54 - 2014-02-17 21:55 - 00000426 _____ () C:\AVScanner.ini 2014-04-14 23:49 - 2014-04-16 15:44 - 00001002 _____ () C:\Windows\setupact.log 2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-14 21:46 - 2014-04-16 15:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 21:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-14 21:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-14 21:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-14 21:26 - 2014-04-14 21:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-04-14 21:26 - 2014-04-14 21:27 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part 2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg 2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe 2014-04-10 12:14 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 12:14 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 12:14 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-10 12:14 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 12:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 12:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 12:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 12:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 12:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 12:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 12:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 12:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 12:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 12:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 12:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 12:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat 2014-03-30 17:21 - 2014-03-30 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 17:05 - 2014-04-14 20:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG 2014-03-30 17:05 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe 2014-03-30 16:54 - 2014-03-31 17:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-03-30 16:54 - 2014-03-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-03-30 16:54 - 2014-03-30 17:26 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-03-30 16:54 - 2014-03-30 17:06 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-03-30 16:54 - 2014-03-30 17:06 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results 2014-03-30 16:53 - 2014-04-16 15:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-30 16:50 - 2014-03-30 16:49 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp 2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn 2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac ==================== One Month Modified Files and Folders ======= 2014-04-16 16:10 - 2014-04-16 16:09 - 00007551 _____ () C:\Users\ICH\Desktop\FRST.txt 2014-04-16 16:09 - 2014-04-16 13:07 - 00000000 ____D () C:\FRST 2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt 2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 15:51 - 2014-03-30 16:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt 2014-04-16 15:45 - 2014-04-14 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 15:45 - 2013-06-01 20:02 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn Hamachi 2014-04-16 15:44 - 2014-04-14 23:49 - 00001002 _____ () C:\Windows\setupact.log 2014-04-16 15:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 15:43 - 2011-09-07 19:27 - 01412264 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:42 - 2014-04-16 15:40 - 00000000 ____D () C:\AdwCleaner 2014-04-16 15:39 - 2014-04-16 15:40 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe 2014-04-16 15:39 - 2014-04-16 15:40 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe 2014-04-16 14:45 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-04-16 14:14 - 2013-02-04 15:09 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job 2014-04-16 14:14 - 2013-02-04 15:09 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable 2014-04-16 13:06 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH 2014-04-16 13:05 - 2014-04-16 13:06 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe 2014-04-16 13:05 - 2014-04-16 13:06 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe 2014-04-16 13:04 - 2014-04-16 13:06 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe 2014-04-16 12:48 - 2009-07-14 19:58 - 00699712 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 12:48 - 2009-07-14 19:58 - 00149820 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 12:48 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 12:47 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH\AppData\Local\VirtualStore 2014-04-16 12:45 - 2014-03-10 20:23 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog 2014-04-16 12:44 - 2011-10-27 20:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-04-15 18:40 - 2014-04-15 18:39 - 00000000 ____D () C:\03463972d690932c2a4980ba 2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log 2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-14 23:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-14 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 21:28 - 2014-04-14 21:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-04-14 21:27 - 2014-04-14 21:26 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part 2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg 2014-04-14 20:05 - 2014-03-30 17:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG 2014-04-14 19:25 - 2013-11-23 21:31 - 00000000 ____D () C:\Windows\Minidump 2014-04-14 19:25 - 2011-09-07 20:23 - 00000000 ____D () C:\Windows\Panther 2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe 2014-04-13 17:43 - 2013-03-23 10:36 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Spotify 2014-04-13 17:43 - 2013-03-16 13:59 - 00000000 ____D () C:\Users\sveni\AppData\Local\LogMeIn Hamachi 2014-04-13 17:30 - 2013-01-10 19:51 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Skype 2014-04-11 11:49 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 11:46 - 2012-02-12 12:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 12:04 - 2013-03-23 10:39 - 00000000 ____D () C:\Users\sveni\AppData\Local\Spotify 2014-04-03 09:51 - 2014-04-14 21:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-14 21:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-14 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 17:06 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-03-31 14:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-31 03:16 - 2014-04-10 12:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-10 12:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe 2014-03-30 20:09 - 2014-03-30 17:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-30 20:01 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-03-30 18:54 - 2013-01-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 17:36 - 2013-03-23 10:39 - 00002022 _____ () C:\Users\sveni\Desktop\Spotify.lnk 2014-03-30 17:36 - 2013-03-23 10:39 - 00002008 _____ () C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-03-30 17:26 - 2014-03-30 16:54 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 17:06 - 2014-03-30 16:54 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-03-30 17:06 - 2014-03-30 16:54 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results 2014-03-30 16:57 - 2013-01-30 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-30 16:53 - 2013-09-01 20:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-30 16:53 - 2011-09-17 11:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 16:49 - 2014-03-30 16:50 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp 2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn 2014-03-29 13:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-03-28 16:38 - 2014-03-30 17:05 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe 2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac 2014-03-17 16:18 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\ICH\AppData\Local\Temp\Quarantine.exe C:\Users\ICH\AppData\Local\Temp\xmlUpdater.exe C:\Users\sveni\AppData\Local\Temp\AskSLib.dll C:\Users\sveni\AppData\Local\Temp\chutil.dll C:\Users\sveni\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\sveni\AppData\Local\Temp\i4jdel0.exe C:\Users\sveni\AppData\Local\Temp\install_flashplayer10_chra_aih.exe C:\Users\sveni\AppData\Local\Temp\ptk4gcrl.dll C:\Users\sveni\AppData\Local\Temp\ResetDevice.exe C:\Users\sveni\AppData\Local\Temp\SkypeSetup.exe C:\Users\sveni\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-14 22:50 ==================== End Of Log ============================ --- --- --- Vielen Dank für deine Hilfe! Eine Addition.txt gabs diesmal nicht! |
16.04.2014, 20:59 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung DHaken setzen bei addition.txt dann auf Scan klicken. Sonst wird keine neue addition erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.04.2014, 11:38 | #14 |
| Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung okay, das wusste ich nicht, FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by ICH (administrator) on SVENI-PC on 17-04-2014 10:57:24 Running from C:\Users\ICH\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation) HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) Startup: C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A51FD27CE3CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\ICH\AppData\Roaming\Mozilla\Firefox\Profiles\iqsjhmlr.default FF NewTab: chrome://quick_start/content/index.html FF Homepage: hxxp://google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Services (Whitelisted) ================= R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 16:09 - 2014-04-17 10:57 - 00007622 _____ () C:\Users\ICH\Desktop\FRST.txt 2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt 2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt 2014-04-16 15:40 - 2014-04-16 15:42 - 00000000 ____D () C:\AdwCleaner 2014-04-16 15:40 - 2014-04-16 15:39 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe 2014-04-16 15:40 - 2014-04-16 15:39 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe 2014-04-16 14:43 - 2014-04-16 14:45 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-04-16 13:07 - 2014-04-17 10:57 - 00000000 ____D () C:\FRST 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable 2014-04-16 13:06 - 2014-04-16 13:05 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe 2014-04-16 13:06 - 2014-04-16 13:05 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe 2014-04-16 13:06 - 2014-04-16 13:04 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe 2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog 2014-04-15 18:39 - 2014-04-15 18:40 - 00000000 ____D () C:\03463972d690932c2a4980ba 2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log 2014-04-14 23:54 - 2014-02-17 21:55 - 00000426 _____ () C:\AVScanner.ini 2014-04-14 23:49 - 2014-04-17 10:56 - 00001058 _____ () C:\Windows\setupact.log 2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-14 21:46 - 2014-04-17 10:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 21:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-14 21:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-14 21:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-14 21:26 - 2014-04-14 21:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-04-14 21:26 - 2014-04-14 21:27 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part 2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg 2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe 2014-04-10 12:14 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 12:14 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 12:14 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-10 12:14 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 12:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 12:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 12:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 12:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 12:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 12:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 12:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 12:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 12:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 12:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 12:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 12:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 12:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat 2014-03-30 17:21 - 2014-03-30 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 17:05 - 2014-04-14 20:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG 2014-03-30 17:05 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe 2014-03-30 16:54 - 2014-03-31 17:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-03-30 16:54 - 2014-03-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-03-30 16:54 - 2014-03-30 17:26 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-03-30 16:54 - 2014-03-30 17:06 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-03-30 16:54 - 2014-03-30 17:06 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-03-30 16:54 - 2014-03-30 17:06 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results 2014-03-30 16:53 - 2014-04-16 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-30 16:50 - 2014-03-30 16:49 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp 2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn 2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac ==================== One Month Modified Files and Folders ======= 2014-04-17 10:57 - 2014-04-16 16:09 - 00007622 _____ () C:\Users\ICH\Desktop\FRST.txt 2014-04-17 10:57 - 2014-04-16 13:07 - 00000000 ____D () C:\FRST 2014-04-17 10:56 - 2014-04-14 23:49 - 00001058 _____ () C:\Windows\setupact.log 2014-04-17 10:56 - 2014-04-14 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-17 10:56 - 2013-06-01 20:02 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn Hamachi 2014-04-17 10:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 18:08 - 2011-09-07 19:27 - 01413095 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 17:51 - 2014-03-30 16:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 17:14 - 2013-02-04 15:09 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job 2014-04-16 16:01 - 2014-04-16 16:01 - 00000868 _____ () C:\Users\ICH\Desktop\JRT.txt 2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 15:52 - 2009-07-14 06:45 - 00016176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 15:46 - 2014-04-16 15:46 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 15:45 - 2014-04-16 15:45 - 00008910 _____ () C:\Users\ICH\Desktop\AdwCleaner[S0].txt 2014-04-16 15:42 - 2014-04-16 15:40 - 00000000 ____D () C:\AdwCleaner 2014-04-16 15:39 - 2014-04-16 15:40 - 01426178 _____ () C:\Users\ICH\Desktop\adwcleaner.exe 2014-04-16 15:39 - 2014-04-16 15:40 - 01016261 _____ (Thisisu) C:\Users\ICH\Desktop\JRT.exe 2014-04-16 14:45 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-04-16 14:43 - 2014-04-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-04-16 14:14 - 2013-02-04 15:09 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 _____ () C:\Users\ICH\defogger_reenable 2014-04-16 13:06 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH 2014-04-16 13:05 - 2014-04-16 13:06 - 02054144 _____ (Farbar) C:\Users\ICH\Desktop\FRST64.exe 2014-04-16 13:05 - 2014-04-16 13:06 - 00380416 _____ () C:\Users\ICH\Desktop\Gmer-19357.exe 2014-04-16 13:04 - 2014-04-16 13:06 - 00050477 _____ () C:\Users\ICH\Desktop\Defogger.exe 2014-04-16 12:48 - 2009-07-14 19:58 - 00699712 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 12:48 - 2009-07-14 19:58 - 00149820 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 12:48 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 12:47 - 2012-12-24 13:37 - 00000000 ____D () C:\Users\ICH\AppData\Local\VirtualStore 2014-04-16 12:45 - 2014-03-10 20:23 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-16 12:44 - 2014-04-16 12:44 - 00000000 ____D () C:\Users\ICH\AppData\Roaming\hpqLog 2014-04-16 12:44 - 2011-10-27 20:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-04-15 18:40 - 2014-04-15 18:39 - 00000000 ____D () C:\03463972d690932c2a4980ba 2014-04-15 18:32 - 2014-04-15 18:32 - 00000566 _____ () C:\Windows\PFRO.log 2014-04-14 23:49 - 2014-04-14 23:49 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-14 23:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-14 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-14 21:38 - 2014-04-14 21:38 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 21:28 - 2014-04-14 21:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-04-14 21:27 - 2014-04-14 21:26 - 05888117 _____ (Malwarebytes Corporation ) C:\Users\ICH\Downloads\mbam-setup-2.0.1.1004.exe.part 2014-04-14 20:49 - 2014-04-14 20:49 - 00011280 _____ () C:\Users\ICH\Documents\cc_20140414_204909 04.2014 sicherung.reg 2014-04-14 20:05 - 2014-03-30 17:05 - 00000088 _____ () C:\Users\ICH\AppData\Roaming\WB.CFG 2014-04-14 19:25 - 2013-11-23 21:31 - 00000000 ____D () C:\Windows\Minidump 2014-04-14 19:25 - 2011-09-07 20:23 - 00000000 ____D () C:\Windows\Panther 2014-04-14 19:23 - 2014-04-14 19:23 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-14 19:23 - 2014-04-14 19:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-14 19:23 - 2014-04-14 19:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-14 19:18 - 2014-04-14 19:18 - 03710504 _____ (Piriform Ltd) C:\Users\ICH\Downloads\ccsetup412_slim.exe 2014-04-13 17:43 - 2013-03-23 10:36 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Spotify 2014-04-13 17:43 - 2013-03-16 13:59 - 00000000 ____D () C:\Users\sveni\AppData\Local\LogMeIn Hamachi 2014-04-13 17:30 - 2013-01-10 19:51 - 00000000 ____D () C:\Users\sveni\AppData\Roaming\Skype 2014-04-11 11:49 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 11:46 - 2012-02-12 12:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 12:04 - 2013-03-23 10:39 - 00000000 ____D () C:\Users\sveni\AppData\Local\Spotify 2014-04-03 09:51 - 2014-04-14 21:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-14 21:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-14 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 17:06 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-03-31 14:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-31 03:16 - 2014-04-10 12:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-10 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-10 12:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 20:20 - 2014-03-30 20:20 - 02209056 _____ () C:\Users\ICH\Downloads\avira-eu-cleaner_de.exe 2014-03-30 20:09 - 2014-03-30 17:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-30 20:01 - 2014-03-30 16:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-03-30 18:54 - 2013-01-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 17:36 - 2013-03-23 10:39 - 00002022 _____ () C:\Users\sveni\Desktop\Spotify.lnk 2014-03-30 17:36 - 2013-03-23 10:39 - 00002008 _____ () C:\Users\sveni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-03-30 17:26 - 2014-03-30 16:54 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-30 17:22 - 2014-03-30 17:22 - 00000000 _____ () C:\autoexec.bat 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer.exe 2014-03-30 17:18 - 2014-03-30 17:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\ICH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 17:06 - 2014-03-30 16:54 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-03-30 17:06 - 2014-03-30 16:54 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-03-30 17:06 - 2014-03-30 16:54 - 00000312 _____ () C:\Users\ICH\AppData\Roaming\aps.uninstall.scan.results 2014-03-30 16:57 - 2013-01-30 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-30 16:53 - 2014-03-30 16:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-30 16:53 - 2013-09-01 20:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-30 16:53 - 2011-09-17 11:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 16:49 - 2014-03-30 16:50 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\nsc9E15.tmp 2014-03-30 16:46 - 2014-03-30 16:46 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-03-30 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-03-29 13:44 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\ICH\AppData\Local\LogMeIn 2014-03-29 13:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-03-28 16:38 - 2014-03-30 17:05 - 01172776 _____ (AnyProtect.com) C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe 2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\5b852adafe4e7cb5bb6d92ac Some content of TEMP: ==================== C:\Users\ICH\AppData\Local\Temp\Quarantine.exe C:\Users\ICH\AppData\Local\Temp\xmlUpdater.exe C:\Users\sveni\AppData\Local\Temp\AskSLib.dll C:\Users\sveni\AppData\Local\Temp\chutil.dll C:\Users\sveni\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\sveni\AppData\Local\Temp\i4jdel0.exe C:\Users\sveni\AppData\Local\Temp\install_flashplayer10_chra_aih.exe C:\Users\sveni\AppData\Local\Temp\ptk4gcrl.dll C:\Users\sveni\AppData\Local\Temp\ResetDevice.exe C:\Users\sveni\AppData\Local\Temp\SkypeSetup.exe C:\Users\sveni\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-14 22:50 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 Ran by ICH at 2014-04-17 10:58:23 Running from C:\Users\ICH\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{B0BF4E84-0EE3-4E47-B90E-27B40348E022}) (Version: 25.0.571.0 - Hewlett-Packard Co.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated) ==================== Restore Points ========================= 07-04-2014 17:39:13 Windows Update 10-04-2014 18:05:52 Windows Update 11-04-2014 09:44:35 Windows Update 14-04-2014 21:27:47 Windows Update 15-04-2014 16:38:54 Windows Update 16-04-2014 10:43:27 Removed QLBCASL ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16BB62E6-A89B-4DFB-BCE3-F75A23F8B3A9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.) Task: {2A543878-7A91-4DA1-81D5-2753F4AC716B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {4410127F-8756-45D4-9BEF-5CD9D0DCEEE0} - \SpeedUpMyPC Startup ATTENTION ====> No Task File Task: {61F9AC68-036A-41BA-98A3-3FF4A95D4229} - \SpeedUpMyPC Maintenance ATTENTION ====> No Task File Task: {7795566C-0694-4F2D-A6C4-CF2722F6E4BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30] (Adobe Systems Incorporated) Task: {8320BD4E-28C7-426D-9570-5B8A61A14071} - \MySearchDial ATTENTION ====> No Task File Task: {9572EB78-6F60-4F78-A026-97A81A454122} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {C6441921-8992-4C53-B66F-7E7DC726A46C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {CC969808-F2C1-4491-9195-E2856F0816C3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.) Task: {DE11AFC9-B9B4-46CA-A7F2-E3B3C8909E9C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {DFDE54CF-55E7-4A27-AD5D-1F4AF4433B76} - System32\Tasks\{F826A647-66EC-4707-99FD-F9875470C78A} => C:\Program Files (x86)\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000Core.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090529953-2460283286-818632398-1000UA.job => C:\Users\sveni\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-08 23:49 - 2011-06-08 23:49 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (04/17/2014 10:57:46 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (04/17/2014 10:57:17 AM) (Source: ACPI) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error: (04/16/2014 04:10:02 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 2039.3 MB Available physical RAM: 1093.55 MB Total Pagefile: 4078.61 MB Available Pagefile: 3004.54 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.05 GB) (Free:106.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (KONBOOT) (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1DDD9228) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 962 MB) (Disk ID: 000D01D4) Partition: GPT Partition Type. ==================== End Of Log ============================ |
17.04.2014, 12:01 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13828 S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] C:\Users\ICH\AppData\Local\AnyProtectScannerSetup.exe C:\Windows\Tasks\APSnotifierPP2.job C:\Windows\Tasks\APSnotifierPP3.job C:\Windows\Tasks\APSnotifierPP1.job C:\Windows\System32\Tasks\APSnotifierPP1 C:\Windows\System32\Tasks\APSnotifierPP3 C:\Windows\System32\Tasks\APSnotifierPP2 C:\Users\ICH\Downloads\SpyHunter-Installer.exe C:\Users\ICH\Downloads\SpyHunter-Installer(1).exe C:\Users\ICH\AppData\Roaming\WB.CFG C:\Program Files\Enigma Software Group C:\Program Files (x86)\AnyProtectEx Task: {4410127F-8756-45D4-9BEF-5CD9D0DCEEE0} - \SpeedUpMyPC Startup ATTENTION ====> No Task File Task: {61F9AC68-036A-41BA-98A3-3FF4A95D4229} - \SpeedUpMyPC Maintenance ATTENTION ====> No Task File Task: {8320BD4E-28C7-426D-9570-5B8A61A14071} - \MySearchDial ATTENTION ====> No Task File Task: {C6441921-8992-4C53-B66F-7E7DC726A46C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {DE11AFC9-B9B4-46CA-A7F2-E3B3C8909E9C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung |
adobe, browser, ccsetup, defender, device driver, explorer, falsche startseite, fehlermeldung, firefox, flash player, homepage, iexplore.exe, internet, internet explorer, launch, mozilla, netzwerk, neustart, newtab, problem, proxy-server, registry, security, services.exe, software, svchost.exe, system, temp, tunnel, viel werbung, werbung, windows, winlogon.exe |