Log analysis and evaluation: Windows 7: Websites are redirected to advertising
09.05.2014, 17:32 | #1 |
Windows 7: Websites are redirected to advertising

Hello,

on my computer (Windows 7 64-bit) the constant redirection to advertising pages made me suspicious. A scan with Malwarebytes found several infections. I have already run the scans from your instructions, but the output is too large to post all at once. So for now, only the results from Malwarebytes.

Malwarebytes log:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09.05.2014
Scan Time: 07:07:49
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin-*****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344471
Time Elapsed: 6 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe, 3988, , [a7b1b09fc5b688aeaa72dfa61ee440c0]

Modules: 1
PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82],
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\userCode, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\locale, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\locale\en-US, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\skin, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\defaults, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\defaults\preferences, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\userCode, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\locale, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\locale\en-US, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.CrossRider.A, 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\skin, , [05537cd3d9a264d29c8c601105fdd32d], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\CrashReports, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Download, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Install, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline\{02DCBC86-F320-4E9D-AB70-FA4E3275A813}, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8, , [c296a6a917641f175bc57004c0423fc1], Files: 297 PUP.Optional.ValueApps.A, C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll, , [e17785ca0f6caa8c833b2e1248b959a7], PUP.Optional.SearchProtect.A, C:\Users\Admin-*****\AppData\Local\Temp\nsy38B0.exe, , [10487fd07b001f174a51ae79b44d45bb], PUP.Optional.Conduit.A, C:\Users\Admin-*****\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [d38564eb3c3fb97dd5b6b8643fc2857b], PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job, , [84d4fd52b7c4999d1d19dca81ce6d42c], PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job, , [5cfc39165a2133037bbba7dd8e74c739], PUP.Optional.CrossRider.A, 
C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1.job, , [e96f74db1962d3639e984f35c83ac739], PUP.Optional.CrossRider.A, C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3.job, , [4117143b94e791a54ee8f391867c758b], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job, , [1f39e46b7dfef541c670a6def70bf907], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job, , [b3a52e2125561d1955e10d77a9598878], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job, , [a1b7fd526219280eb6806a1a8a788977], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job, , [12468ec11c5fff3713236a1ada2842be], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9f982d3a-dea4-4ac1-a6a7-8d3fd3d4b924-3.job, , [fb5dd679760554e2cd6998ec48babd43], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9f982d3a-dea4-4ac1-a6a7-8d3fd3d4b924-4.job, , [c8900946215ae74f3204255f7290ee12], PUP.Optional.PriceMeter.A, C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job, , [a0b80a45e19a4bebae72d8addc268878], PUP.Optional.PriceMeter.A, C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job, , [13457bd40477270f80a04e37847e0ef2], PUP.Optional.PriceMeter.A, C:\Windows\Tasks\PriceMeterUpdater.job, , [2533202f39427cbae8392065818143bd], PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [a5b3d57aea9172c4024cbfcdd72b7b85], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe, , [a7b1b09fc5b688aeaa72dfa61ee440c0], PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8\48926.crx, , [b99fcb840c6f9a9c0f3cbab53ac87f81], PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8\48926.xpi, , [b99fcb840c6f9a9c0f3cbab53ac87f81], PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8\9f982d3a-dea4-4ac1-a6a7-8d3fd3d4b924-3.exe, , [b99fcb840c6f9a9c0f3cbab53ac87f81], PUP.Optional.SmartSaver.A, C:\Program Files 
(x86)\SmartSaver+ 8\9f982d3a-dea4-4ac1-a6a7-8d3fd3d4b924-4.exe, , [b99fcb840c6f9a9c0f3cbab53ac87f81], PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8\Uninstall.exe, , [b99fcb840c6f9a9c0f3cbab53ac87f81], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome.manifest, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\install.rdf, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\background.html, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\baseObject.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\browser.xul, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\dialog.js, , 
[421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\ffCoreFilesIndex.txt, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\main.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\options.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\options.xul, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\platformVersion.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\search_dialog.xul, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\asyncDB.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\background.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\browserAction.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\contextMenu.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\dbManager.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\dom_bg.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\fileManager.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\firefox.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\firefoxNotifications.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\firefoxOmnibox.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\message.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\pageAction.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\request.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\tabs.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\webRequest.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\api\windowsMessagingHandler.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\addressBarChangeObserver.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\console.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\consts.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\delegate.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\extensionDataStore.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\folderIOWrapper.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\httpObserver.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\IDBWrapper.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\installer.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\logFile.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\prefs.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\progressListenerObserver.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\registry.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\reloadObserver.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\reports.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\requestObject.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\searchSettings.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\uninstallObserver.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\updateManager.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\utils.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\chrome\content\core\xhr.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\defaults\preferences\prefs.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\manifest.xml, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins.json, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\1.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\102.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\104.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\13.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\14.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\16.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\17.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\177.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\180.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\182.js, , [421677d8532838fe51d786eb9a68dd23], PUP.Optional.CrossRider.A, 
(x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sk.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sl.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sr.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sv.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sw.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ta.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_te.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_th.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_tr.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_uk.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ur.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_vi.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-CN.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-TW.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], 
PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdate.exe, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateBroker.exe, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHandler.exe, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHelper.msi, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateOnDemand.exe, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psmachine.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psuser.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_da.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_is.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.PriceMeter.A, C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ru.dll, , [c098a5aa5724dc5a2b56b1c108fa7e82], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\53172.crx, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\53172.xpi, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.exe, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, 
C:\Program Files (x86)\HQVid8\background.html, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\HQVid8-bg.exe, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\HQVid8-bho.dll, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\HQVid8-bho64.dll, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\HQVid8.ico, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.HQVid.A, C:\Program Files (x86)\HQVid8\Uninstall.exe, , [c296a6a917641f175bc57004c0423fc1], PUP.Optional.CrossRider.M, C:\Program Files (x86)\HQVid8.1\HQVid8.1-bho.dll, , [83d582cdc7b4a98ddcfbf25041c3d828], PUP.Optional.CrossRider.A, C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "145922b46fdfd4de0464c893ff7c4608");), ,[3d1b8fc0e29985b1d80be685f90b6c94] PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js, Good: (), Bad: (user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsurl", "hxxp://js.clientdataservice.com/plugin/apps/48926/plugins/094/ff/plugins.json");), ,[1e3aea654e2d0d2911cfcf9c46be916f] PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1459e36ccd5389c0926e01dab602d867");), ,[2c2cb59a6813d066c320fe6d838115eb] Physical Sectors: 0 (No malicious items detected) (end) |
09.05.2014, 17:51 | #2 |
/// TB-Ausbilder | Windows 7: Websites are redirected to ads My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
09.05.2014, 18:41 | #3 |
| Windows 7: Websites are redirected to ads FRST:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01 Ran by Admin-***** (administrator) on USER-PC on 09-05-2014 17:27:03 Running from C:\Users\Admin-*****\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe () C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (DigitalPersona, Inc.) 
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company) HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.) 
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-04] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard) HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-15] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-1673328631-1222144369-1283111628-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] 
(Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1673328631-1222144369-1283111628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) Lsa: [Authentication Packages] msv1_0 relog_ap Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5CDF5CA466BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396206522&from=tugs&uid=SAMSUNGXMMCRE28G5MXP-0VBH1_YC01A51012SY012A4532&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396206522&from=tugs&uid=SAMSUNGXMMCRE28G5MXP-0VBH1_YC01A51012SY012A4532&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir= 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir= SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtA0F0FzzzzzytCtGyB0D0FzytG0BtBtAyBtGtAyEyCtAtGtBtCyDyEtBtC0Fzz0ByB0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1815429630&ir= SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files 
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182 FireFox: ======== FF ProfilePath: C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files 
(x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-15] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.) S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company) R3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company) R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4979992 2013-11-25] (INCA Internet Co., Ltd.) 
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc) R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG) S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-06] () R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] () R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.) R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-02-11] (Ericsson AB) S2 vosr; C:\Users\Tim Jäger\AppData\Roaming\VOPackage\VOsrv.exe [X] ==================== Drivers (Whitelisted) ==================== U0 ammpce; C:\Windows\System32\drivers\rqlbgbjq.sys [79064 2014-05-09] (Malwarebytes Corporation) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-03-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company) S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB) S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB) S3 h36wgps; C:\Windows\system32\drivers\h36wgps64.sys [101416 2010-12-02] (Ericsson AB) R0 johci; C:\Windows\System32\drivers\johci.sys [26712 2011-01-18] (JMicron Technology Corp.) 
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-03-28] () R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-09] (Malwarebytes Corporation) S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation) S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation) S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation) S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG) S3 SL4Usb; C:\Windows\System32\Drivers\SL4Usb.sys [49144 2013-07-09] (Cristalink Ltd) S3 SL4UsbNoSSL; C:\Windows\System32\Drivers\SL4UsbNoSSL.sys [49144 2013-07-09] (Cristalink Ltd) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] () S3 strmdrvk; C:\Windows\System32\Drivers\strmdrvk.sys [35912 2011-05-30] (Rane Corporation) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-03-27] (StdLib) S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB) S3 SzCCID; system32\DRIVERS\SzCCID.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-09 17:27 - 2014-05-09 17:27 - 00022315 _____ () C:\Users\Admin-*****\Desktop\FRST.txt 2014-05-09 17:26 - 2014-05-09 17:27 - 00000000 ____D () C:\FRST 2014-05-09 17:26 - 2014-05-09 17:26 - 02064384 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe 2014-05-09 17:23 - 2014-05-09 17:23 - 00000484 _____ () C:\Users\Admin-*****\Desktop\defogger_disable.log 2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable 2014-05-09 17:22 - 2014-05-09 17:21 - 00050477 _____ () 
C:\Users\Admin-*****\Desktop\Defogger.exe 2014-05-09 17:03 - 2014-05-09 17:03 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\rqlbgbjq.sys 2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme 2014-05-09 07:37 - 2014-04-29 18:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-09 07:37 - 2014-04-29 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-09 07:37 - 2014-04-29 16:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-09 07:37 - 2014-04-29 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158} 2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9} 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4} 2014-05-09 06:52 - 2014-05-09 16:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-09 06:52 - 2014-04-03 
09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-09 06:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-09 06:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-01 11:49 - 2014-05-01 11:50 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0 2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf 2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane 2014-04-26 17:27 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4Usb.sys 2014-04-26 17:27 - 2011-05-30 11:13 - 00611400 _____ () C:\Windows\system32\RaneAsioSL4.dll 2014-04-26 17:27 - 2011-05-30 11:12 - 00035912 _____ (Rane Corporation) C:\Windows\system32\Drivers\strmdrvk.sys 2014-04-26 17:27 - 2011-05-30 11:09 - 00540672 _____ () C:\Windows\SysWOW64\RaneAsioSL4.dll 2014-04-26 17:26 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4UsbNoSSL.sys 2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla 2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla 2014-04-25 07:29 - 2014-04-26 17:26 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk 2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato 2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () 
C:\Program Files (x86)\Serato 2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira 2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira 2014-04-24 07:28 - 2014-05-09 07:19 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps 2014-04-24 07:20 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-24 07:20 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-24 07:20 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Avira 2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-24 07:19 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-04-24 07:19 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-24 07:16 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-24 07:16 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-24 07:11 - 2014-04-24 07:17 - 00004128 _____ () C:\Windows\IE11_main.log 2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-04-24 07:11 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-24 
07:11 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-24 07:11 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-24 07:11 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-24 07:11 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-24 07:11 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-24 07:11 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-24 07:11 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-24 07:11 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-04-24 07:11 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-04-24 07:11 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-24 07:11 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-24 07:11 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-04-24 07:11 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-24 07:11 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-04-24 07:11 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-04-24 07:10 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-24 07:10 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-24 07:10 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) 
C:\Windows\system32\TSWorkspace.dll 2014-04-24 07:10 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia 2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk 2014-04-24 06:35 - 2014-05-09 17:23 - 00000000 ____D () C:\Users\Admin-***** 2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien 2014-04-24 06:35 - 2014-04-24 06:35 
- 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona 2014-04-24 06:35 - 2009-07-14 06:54 - 00000000 ___RD () 
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-24 06:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme 2014-04-22 22:08 - 2014-04-25 06:08 - 00000000 ____D () C:\ProgramData\Acronis 2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys 2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys 2014-04-22 22:08 - 2007-02-16 16:40 - 00011264 _____ (Acronis) C:\Windows\system32\relog_ap.dll 2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI 2014-04-17 11:14 - 2014-04-26 15:35 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC 2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () 
C:\Users\User\Startmenü 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () 
C:\Users\User\AppData\Local\DigitalPersona 2014-04-17 11:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-17 11:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-10 14:44 - 2014-04-10 14:44 - 00000253 _____ () C:\Windows\DtcInstall.log 2014-04-10 14:29 - 2014-04-10 14:33 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Roxio Log Files 2014-04-10 14:29 - 2014-04-10 14:29 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Roxio 2014-04-10 14:26 - 2014-04-10 14:26 - 00003122 _____ () C:\Windows\System32\Tasks\{C40AA631-E4A7-4922-95F7-B1B317743B85} 2014-04-10 14:25 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 14:25 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 14:25 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 14:25 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 14:25 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 14:25 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 14:25 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 14:25 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 14:25 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 14:25 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 14:25 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 14:25 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 14:25 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 14:25 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 14:25 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 14:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 14:25 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-10 14:14 - 2014-04-23 05:34 - 00001425 _____ () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-10 14:14 - 2014-04-10 14:40 - 00058408 _____ () C:\Users\Hp\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-10 14:14 - 2014-04-10 14:14 - 00002251 _____ () C:\Users\Hp\Desktop\Google Chrome.lnk 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ___RD () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ___RD () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Synaptics 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Intel Corporation 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Infineon 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\hpqLog 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\DigitalPersona 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Adobe 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Local\PDFC 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Local\DigitalPersona 2014-04-10 14:13 - 
2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp 2014-04-10 14:13 - 2014-04-10 14:13 - 00000020 ___SH () C:\Users\Hp\ntuser.ini 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Vorlagen 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Startmenü 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Netzwerkumgebung 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Lokale Einstellungen 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Eigene Dateien 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Druckumgebung 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Documents\Eigene Musik 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Documents\Eigene Bilder 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\AppData\Local\Verlauf 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\AppData\Local\Anwendungsdaten 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Anwendungsdaten 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 ____D () C:\Users\Hp\AppData\Local\VirtualStore 2014-04-10 14:13 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-10 14:13 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= 2014-05-09 17:27 - 2014-05-09 17:27 - 00022315 _____ () C:\Users\Admin-*****\Desktop\FRST.txt 2014-05-09 17:27 - 2014-05-09 17:26 - 00000000 ____D () C:\FRST 2014-05-09 17:26 - 2014-05-09 17:26 - 02064384 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe 2014-05-09 17:26 - 2014-04-03 22:49 - 00665150 _____ () C:\Windows\WindowsUpdate.log 2014-05-09 17:25 - 
2009-08-30 07:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-05-09 17:25 - 2009-08-30 07:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-05-09 17:25 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-09 17:23 - 2014-05-09 17:23 - 00000484 _____ () C:\Users\Admin-*****\Desktop\defogger_disable.log 2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable 2014-05-09 17:23 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-***** 2014-05-09 17:21 - 2014-05-09 17:22 - 00050477 _____ () C:\Users\Admin-*****\Desktop\Defogger.exe 2014-05-09 17:12 - 2014-03-27 17:02 - 00000306 _____ () C:\Windows\Tasks\MySearchDial.job 2014-05-09 17:11 - 2014-04-05 10:11 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job 2014-05-09 17:03 - 2014-05-09 17:03 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\rqlbgbjq.sys 2014-05-09 17:03 - 2014-03-31 21:20 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1 2014-05-09 17:03 - 2014-03-28 23:01 - 00000000 ____D () C:\Program Files\Conduit 2014-05-09 17:03 - 2014-03-27 21:51 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate 2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme 2014-05-09 16:50 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-09 16:50 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-09 16:45 - 2014-05-09 06:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-09 16:43 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\PDFC 2014-05-09 16:43 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-05-09 16:42 - 2014-04-04 06:58 - 00005772 _____ 
() C:\Windows\setupact.log 2014-05-09 16:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-09 07:34 - 2014-04-03 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-09 07:19 - 2014-04-24 07:28 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps 2014-05-09 07:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158} 2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9} 2014-05-09 06:59 - 2014-04-04 11:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4} 2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-09 06:52 - 2014-03-28 23:02 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater 2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) 
C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-01 11:50 - 2014-05-01 11:49 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0 2014-04-29 18:00 - 2014-05-09 07:37 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 17:24 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 16:47 - 2014-05-09 07:37 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 16:14 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf 2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane 2014-04-26 17:26 - 2014-04-25 07:29 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk 2014-04-26 15:35 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC 2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla 2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla 2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato 2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato 2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira 2014-04-25 06:08 - 2014-04-22 22:08 - 00000000 ____D () C:\ProgramData\Acronis 2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-04-25 04:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira 2014-04-24 07:26 - 2014-04-04 18:45 - 00355214 _____ () C:\Windows\PFRO.log 2014-04-24 07:26 - 2014-03-26 21:57 - 00000000 ____D () C:\ProgramData\Norton 2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Avira 2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-24 07:19 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-04-24 07:19 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-24 07:17 - 2014-04-24 07:11 - 00004128 _____ () C:\Windows\IE11_main.log 2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-04-24 07:11 - 2012-05-02 15:02 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-24 06:54 - 2014-03-26 21:45 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia 2014-04-24 06:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk 2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () 
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona 2014-04-23 05:34 - 2014-04-10 14:14 - 00001425 _____ () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme 2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys 2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI 2014-04-17 11:15 - 2014-03-30 16:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-17 11:14 - 2014-04-17 
11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona 2014-04-17 11:14 - 2012-12-10 11:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-14 04:24 - 2014-04-24 07:10 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-04-24 07:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-10 14:45 - 2012-05-02 06:30 - 00000000 ____D () C:\Windows\Panther 2014-04-10 14:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-04-10 14:44 - 2014-04-10 14:44 - 00000253 _____ () C:\Windows\DtcInstall.log 2014-04-10 14:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-04-10 14:40 - 2014-04-10 14:14 - 00058408 _____ () C:\Users\Hp\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-10 14:39 - 2012-05-02 15:40 - 00000000 ____D () C:\ProgramData\Uninstall 2014-04-10 14:39 - 2009-07-14 06:45 - 00276584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-10 14:36 - 2014-03-30 21:22 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-10 14:35 - 2012-05-02 15:41 - 00000000 ____D () C:\ProgramData\Sonic 2014-04-10 14:34 - 2012-05-02 
15:40 - 00000000 ____D () C:\ProgramData\Roxio 2014-04-10 14:33 - 2014-04-10 14:29 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Roxio Log Files 2014-04-10 14:30 - 2012-05-02 15:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-10 14:29 - 2014-04-10 14:29 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Roxio 2014-04-10 14:28 - 2014-03-30 21:09 - 00000000 ____D () C:\ProgramData\WPM 2014-04-10 14:27 - 2014-03-26 22:09 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-04-10 14:26 - 2014-04-10 14:26 - 00003122 _____ () C:\Windows\System32\Tasks\{C40AA631-E4A7-4922-95F7-B1B317743B85} 2014-04-10 14:24 - 2014-03-28 23:00 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-04-10 14:14 - 2014-04-10 14:14 - 00002251 _____ () C:\Users\Hp\Desktop\Google Chrome.lnk 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ___RD () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ___RD () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Synaptics 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Intel Corporation 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Infineon 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\hpqLog 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\DigitalPersona 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Adobe 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Local\PDFC 2014-04-10 14:14 - 2014-04-10 14:14 - 00000000 ____D () C:\Users\Hp\AppData\Local\DigitalPersona 2014-04-10 14:14 - 2014-04-10 14:13 - 00000000 ____D () C:\Users\Hp 2014-04-10 14:13 - 2014-04-10 14:13 - 00000020 ___SH () C:\Users\Hp\ntuser.ini 
2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Vorlagen 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Startmenü 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Netzwerkumgebung 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Lokale Einstellungen 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Eigene Dateien 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Druckumgebung 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Documents\Eigene Musik 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Documents\Eigene Bilder 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\AppData\Local\Verlauf 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\AppData\Local\Anwendungsdaten 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 _SHDL () C:\Users\Hp\Anwendungsdaten 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 ____D () C:\Users\Hp\AppData\Local\VirtualStore Some content of TEMP: ==================== C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 08:04

==================== End Of Log ============================

--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by Admin-***** at 2014-05-09 17:27:23
Running from C:\Users\Admin-*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{f470942e-6237-4c78-ba45-7e9b17a95709}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.)
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Drive Encryption 
For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company) Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company) File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company) HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company) HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.3.3 - Ericsson AB) HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company) HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP 
System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company) HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix) HQVid8.1 (HKLM-x32\...\HQVid8.1) (Version: 1.34.3.28 - High-QualityV9) <==== ATTENTION IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.) 
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company) Rane SL 4 (ver. 1.0.1f4) (HKLM\...\RaneAsioSL4_is1) (Version: - Rane Corporation) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP) SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) 
Hidden Shopping Helper Smartbar (HKLM-x32\...\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1BC22A45-F2A8-4EC0-AC70-2C35A54E4CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {1D4FE741-660B-4181-A426-46ED0AA15869} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard) Task: {22A065E0-AF10-4381-AC16-3C282751EBDE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {28F1AAE3-F8EE-4535-A31D-AB053F5F4160} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe 
[2014-04-22] (Microsoft) Task: {351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - System32\Tasks\Freemium1ClickMaint => C:\Program Files (x86)\Covus Freemium\Free System Utilities\1Click.exe Task: {461B3278-D291-4145-AC48-736CBC027E5A} - System32\Tasks\pricemetertask => C:\Users\Tim Jäger\AppData\Local\PriceMeter\pricemeter.exe <==== ATTENTION Task: {4FA62DF8-9D65-4D8E-A714-2CCE6D3F3A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {50CCEF51-92A2-4ADC-AEA4-5525FD59A58A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - System32\Tasks\pricemeterwatcher => C:\Users\Tim Jäger\AppData\Local\PriceMeter\pricemeterw.exe <==== ATTENTION Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - System32\Tasks\MySearchDial => C:\Users\TIMJGE~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - System32\Tasks\AppCloudUpdater => C:\Users\TIMJGE~1\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-02-12] () Task: {9DC2B816-2301-4175-BE94-3B85A2E8A195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {B1815EC6-14FB-4624-87D8-5A350CAA44F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated) Task: 
{D9C29D9B-34AF-4FE0-AB52-17B8FF42999E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2014-03-28] () Task: {E285CBD6-5A6D-4E9B-80FE-4F161265D318} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {F5154549-3FBE-40C3-A9A3-021B6EE81AEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - System32\Tasks\pricemeterdownloader => C:\Users\Tim Jäger\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\TIMJGE~1\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\TIMJGE~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2010-12-07 07:17 - 2010-12-07 07:17 - 00204112 _____ () C:\Windows\system32\PassThroughOTP.dll 2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\system32\LIBEAY32.dll 2011-02-09 12:28 - 2011-02-09 12:28 - 
01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2014-03-27 21:51 - 2014-03-27 21:51 - 00150504 _____ () C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe 2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe 2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll 2012-05-02 15:35 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2011-01-27 03:13 - 2011-01-27 03:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll 2011-01-27 03:13 - 2011-01-27 03:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll 2010-06-24 11:21 - 2010-06-24 11:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2014-04-24 07:20 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2011-02-09 12:27 - 2011-02-09 12:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2011-02-09 12:51 - 2011-02-09 12:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2011-02-09 12:29 - 2011-02-09 12:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2011-02-09 12:30 - 2011-02-09 12:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2012-05-02 15:10 - 2010-02-17 20:20 - 00065576 ____R () 
C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2014-04-15 19:00 - 2014-04-15 19:00 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-04-15 18:59 - 2014-04-15 18:59 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-03-27 21:51 - 2014-03-27 21:51 - 00819688 _____ () C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2014-04-24 07:21 - 2014-04-15 18:59 - 00049744 _____ () C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-04-04 18:38 - 2014-04-04 18:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll 2012-05-02 15:08 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2014-04-24 06:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk 
=> C:\Windows\pss\Bluetooth.lnk.CommonStartup ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00C" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00A" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "006" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "001" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
System errors: ============= Error: (05/09/2014 04:42:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/09/2014 04:42:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/09/2014 04:42:41 PM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/09/2014 07:37:29 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/09/2014 07:37:27 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/09/2014 07:37:27 AM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/09/2014 07:28:37 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/09/2014 07:28:36 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/09/2014 07:28:36 AM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. 
Error: (05/09/2014 07:11:25 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 08168020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0138020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0108020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 00C8020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 00A8020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0068020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0018020000002D010000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0816120200000000000000AF000000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 013120200000000000000AF000000 Error: (05/09/2014 05:25:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 010120200000000000000AF000000 ==================== Memory info =========================== Percentage of memory in use: 65% Total physical RAM: 4046.36 MB Available physical RAM: 1383.04 MB Total Pagefile: 8090.9 MB Available Pagefile: 5029.06 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives 
================================ Drive c: () (Fixed) (Total:115.23 GB) (Free:79.95 GB) NTFS Drive d: (HP_TOOLS) (Fixed) (Total:9.99 GB) (Free:9.99 GB) FAT32 Drive e: (MUSIK) (Fixed) (Total:113.14 GB) (Free:2.07 GB) NTFS Drive i: (PHONE CARD) (Removable) (Total:1.86 GB) (Free:1.75 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: B71EBFEC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=115 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=113 GB) - (Type=05) Partition 4: (Not Active) - (Size=10 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
10.05.2014, 08:50 | #4 |
/// TB-Ausbilder | Windows 7: Websites are being redirected to advertising Step 1 Please download AdwCleaner to your desktop.
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Please disable your antivirus program, as it can influence the result or interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 5 Run FRST.exe again. Tick the box next to Addition.txt and click Scan. FRST will again create two log files (FRST.txt and Addition.txt). Post both log files with your next reply. Please post with your next reply
|
11.05.2014, 12:27 | #5 |
| Windows 7: Websites are being redirected to advertising Hello Matthias, here are the corresponding log files: ADW-Cleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 12:19:14 # Aktualisiert 05/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Admin-***** - USER-PC # Gestartet von : C:\Users\Admin-*****\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : SystemStoreService [#] Dienst Gelöscht : vosr Dienst Gelöscht : wStLibG64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\VOPackage Datei Gelöscht : C:\END Datei Gelöscht : C:\Windows\Tasks\AppCloudUpdater.job Datei Gelöscht : C:\Windows\System32\Tasks\AppCloudUpdater Datei Gelöscht : C:\Windows\System32\Tasks\Freemium1ClickMaint Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial Datei Gelöscht : C:\Windows\System32\Tasks\pricemeterdownloader Datei Gelöscht : C:\Windows\System32\Tasks\pricemetertask Datei Gelöscht : C:\Windows\System32\Tasks\pricemeterwatcher Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646} Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : HKCU\Software\SoftwareUpdater Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions Schlüssel Gelöscht : HKLM\Software\mysearchdial Schlüssel Gelöscht : HKLM\Software\PerformerSoft Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js ] Zeile gelöscht : 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [6946 octets] - [11/05/2014 12:17:42]
AdwCleaner[S0].txt - [6409 octets] - [11/05/2014 12:19:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6469 octets] ##########
Junkware Removal Tool: JRT Logfile: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Admin-***** on 11.05.2014 at 12:27:37,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricemeterd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricemeterd_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricemeterd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricemeterd_RASMANCS

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\user.js

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.05.2014 at 12:32:08,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes: Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.05.2014
Suchlauf-Zeit: 12:51:45
Logdatei: 140511_1253_MBAM_ber.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.11.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin-*****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346355
Verstrichene Zeit: 10 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Here are further log files: zoek: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Admin-***** on 11.05.2014 at 12:58:28,42. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Admin-*****\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11.05.2014 12:59:25 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 
127.0.0.1 localhost ::1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\ADMIN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js: Added to C:\Users\ADMIN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js: Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\ADMIN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default user.js not found ---- Lines 
a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926 removed from prefs.js ---- user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.active", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbar", "NA"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbarenhanced", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb.was_copied", "true"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb.was_copied", "true"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.backgroundver", 1); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.certdomaininstaller", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.changeprevious", false); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.expiration", "Fri Feb 01 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.value", "%221396531389%2 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.expiration", "Fri Feb 01 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.value", "%7B%22source_id% user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.description", "We give superior shopping experie user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.domain", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.enablesearch", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.homepage", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.iframe", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationThankYouPage", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationTime", 1396531389); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.expiration", "Fri user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.value", "%22ch%22 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.expiration", "Fri Feb 01 20 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.value", "%7B%22InstallerIde user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.expiration", "Fr user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.value", "%7B%22i user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.expiration", "Fri Feb user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.value", "%7B%22source user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.expiration", "Fr user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.value", "%7B%22s user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.expirat user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.value", user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.expir user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.e user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.v user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.ex 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.va user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.expiration", "Fri Fe user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.value", "28"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.expiration", "F user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.value", "2"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.expiration", "Fri Feb user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.expiration", "Fri user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.expiration", "Fri Feb user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastDailyReport", "1399647318133"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastUpdate", "1399647317331"); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.manifesturl", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.name", "SmartSaver+ 8"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.newtab", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.opensearch", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsurl", "hxxp://js.clientdemostack.com/plug user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsversion", 22); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.publisher", "smart-saverplus"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.searchstatus", 0); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.setnewtab", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.thankyou", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.updateinterval", 360); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.ver", 28); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.apps", "48926"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.bic", "145922b46fdfd4de0464c893ff7c4608"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.cid", 48926); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.FilesValidatorDueTime", "1399647376590"); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.firstrun", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.hadappinstalled", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.installationdate", 1399647317); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.modetype", "production"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.reportInstall", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.statsDailyCounter", 1); ---- FireFox user.js and prefs.js backups ---- prefs__1306_.backup ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default user.js not found ---- Lines a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926 removed from prefs.js ---- user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.active", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbar", "NA"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbarenhanced", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb.was_copied", "true"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet", true); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb.was_copied", "true"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.backgroundver", 1); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.certdomaininstaller", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.changeprevious", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.expiration", "Fri Feb 01 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.value", "%221396531389%2 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.expiration", "Fri Feb 01 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.value", "%7B%22source_id% user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.description", "We give superior shopping experie user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.domain", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.enablesearch", false); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.homepage", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.iframe", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationThankYouPage", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationTime", 1396531389); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.expiration", "Fri user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.value", "%22ch%22 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.expiration", "Fri Feb 01 20 user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.value", "%7B%22InstallerIde user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.expiration", "Fr user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.value", "%7B%22i user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.expiration", "Fri Feb user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.value", "%7B%22source user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.expiration", "Fr 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.value", "%7B%22s user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.expirat user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.value", user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.expir user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.value user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.e user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.v user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.ex user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.va user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.expiration", "Fri Fe user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.value", "27"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.expiration", "F user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.value", "2"); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.expiration", "Fri Feb user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.expiration", "Thu user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.expiration", "Fri Feb user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_remote_resources.expiration user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_remote_resources.value", "% user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastDailyReport", "1398937313883"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastUpdate", "1398937349248"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.manifesturl", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.name", "SmartSaver+ 8"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.newtab", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.opensearch", ""); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsversion", 21); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.publisher", "smart-saverplus"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.searchstatus", 0); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.setnewtab", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.thankyou", ""); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.updateinterval", 360); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.ver", 27); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.apps", "48926"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.bic", "1459e36ccd5389c0926e01dab602d867"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.cid", 48926); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.FilesValidatorDueTime", "1398937373242"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.firstrun", false); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.hadappinstalled", true); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.installationdate", 1398518763); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.modetype", "production"); user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.reportInstall", true); 
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.statsDailyCounter", 2); ---- FireFox user.js and prefs.js backups ---- prefs__1306_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Covus Freemium deleted C:\PROGRA~3\Package Cache deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "otis@digitalpersona.com"="C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt" [02.05.2012 15:37] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03.03.2014 10:53] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search 
Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== shortcuts on Users Desktops ====================== C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk - C:\Users\Admin-*****\Desktop\Scratch Live.lnk - C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe C:\Users\Gast\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Hp\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\User\Desktop\Scratch Live 2.5.0\asio_installer - Verknüpfung.lnk - C:\Users\User\Desktop\Scratch Live 2.5.0\driver_updater - Verknüpfung.lnk - C:\Users\User\Desktop\Scratch Live 2.5.0\remove_all_drivers - Verknüpfung.lnk - C:\Users\User\Desktop\Scratch Live 2.5.0\ScratchLive - Verknüpfung.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk - C:\Users\Public\Desktop\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui C:\Users\Public\Desktop\HP Connection Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe -FromDesktop C:\Users\Public\Desktop\HP Software Setup.lnk - C:\swsetup\appinstl\hpsoftwaresetup.exe C:\Users\Public\Desktop\HP Support 
Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Install ASIO Drivers.lnk - C:\Program Files (x86)\Serato\asio_installer.bat C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Scratch Live.lnk - C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /x{EA21EB55-073F-4CF5-A964-0412E755955A} C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Update Drivers.lnk - C:\Program Files (x86)\Serato\driver_updater.bat -noasio C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet 
Explorer\iexplore.exe C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis*True*Image*Home\Acronis*True*Image*Home.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis*True*Image*Home\Rescue Media Builder.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ==== shortcuts in Quick Launch ====================== C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window 
Switcher.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1396206522&from=tugs&uid=SAMSUNGXMMCRE28G5MXP-0VBH1_YC01A51012SY012A4532 C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1396206522&from=tugs&uid=SAMSUNGXMMCRE28G5MXP-0VBH1_YC01A51012SY012A4532 C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk - C:\Windows\explorer.exe C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows 
Explorer.lnk - C:\Windows\explorer.exe C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (2).lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ScratchLive - Verknüpfung.lnk - C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 
Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin-*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin-*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\0ktiq9js.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== Reset WMI ====================== Die folgenden Dienste hängen vom Dienst Windows-Verwaltungsinstrumentation ab. 
Das Beenden des Dienstes Windows-Verwaltungsinstrumentation beendet auch diese Dienste. Sicherheitscenter IP-Hilfsdienst Intel(R) Rapid Storage Technology HP Power Assistant Service Avira Service Host Sicherheitscenter wird beendet. Sicherheitscenter wurde erfolgreich beendet. IP-Hilfsdienst wird beendet. IP-Hilfsdienst wurde erfolgreich beendet. Intel(R) Rapid Storage Technology wird beendet. Intel(R) Rapid Storage Technology wurde erfolgreich beendet. HP Power Assistant Service wurde erfolgreich beendet. Avira Service Host wird beendet. Avira Service Host wurde erfolgreich beendet. Windows-Verwaltungsinstrumentation wird beendet. Windows-Verwaltungsinstrumentation wurde erfolgreich beendet. C:\Windows\system32\wbem\repository renamed to repository.old C:\Windows\syswow64\wbem\repository renamed to repository.old ==== C:\zoek_backup content ====================== C:\zoek_backup (files=16 folders=7 5012733 bytes) ==== Empty Temp Folders ====================== C:\Users\Admin-*****\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Users\Hp\AppData\Local\Temp emptied successfully C:\Users\User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ADMIN-~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" 
not deleted ==== EOF on 11.05.2014 at 13:09:39,61 ======================
Code:
LastRegBack: 2014-05-09 08:04 ==================== End Of Log ============================
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01 Ran by Admin-***** at 2014-05-11 13:15:37 Running from C:\Users\Admin-*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{f470942e-6237-4c78-ba45-7e9b17a95709}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Drive Encryption 
For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company) Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company) File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company) HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company) HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.3.3 - Ericsson AB) HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company) HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP 
System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company) HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix) HQVid8.1 (HKLM-x32\...\HQVid8.1) (Version: 1.34.3.28 - High-QualityV9) <==== ATTENTION IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.) 
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company) Rane SL 4 (ver. 1.0.1f4) (HKLM\...\RaneAsioSL4_is1) (Version: - Rane Corporation) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP) SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) 
Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.) ==================== Restore Points ========================= 11-05-2014 10:59:20 zoek.exe restore point ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-11 12:59 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1BC22A45-F2A8-4EC0-AC70-2C35A54E4CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {1D4FE741-660B-4181-A426-46ED0AA15869} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard) Task: {22A065E0-AF10-4381-AC16-3C282751EBDE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {28F1AAE3-F8EE-4535-A31D-AB053F5F4160} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft) Task: 
{351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION Task: {4FA62DF8-9D65-4D8E-A714-2CCE6D3F3A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {50CCEF51-92A2-4ADC-AEA4-5525FD59A58A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - \Software Updater No Task File <==== ATTENTION Task: {9DC2B816-2301-4175-BE94-3B85A2E8A195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {B1815EC6-14FB-4624-87D8-5A350CAA44F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated) Task: {D9C29D9B-34AF-4FE0-AB52-17B8FF42999E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION Task: {E285CBD6-5A6D-4E9B-80FE-4F161265D318} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => 
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {F5154549-3FBE-40C3-A9A3-021B6EE81AEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2010-12-07 07:17 - 2010-12-07 07:17 - 00204112 _____ () C:\Windows\system32\PassThroughOTP.dll 2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\system32\LIBEAY32.dll 2011-02-09 12:28 - 2011-02-09 12:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe 2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll 2012-05-02 15:35 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2011-01-27 03:13 - 2011-01-27 03:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll 2011-01-27 03:13 - 2011-01-27 03:13 - 00047160 _____ () C:\Program 
Files\Hewlett-Packard\HP Power Assistant\Graphs.dll 2010-06-24 11:21 - 2010-06-24 11:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2014-04-24 07:20 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2011-02-09 12:27 - 2011-02-09 12:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2011-02-09 12:51 - 2011-02-09 12:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2011-02-09 12:29 - 2011-02-09 12:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2011-02-09 12:30 - 2011-02-09 12:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2012-05-02 15:10 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2014-04-15 19:00 - 2014-04-15 19:00 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-04-15 18:59 - 2014-04-15 18:59 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2014-05-11 13:09 - 2014-04-15 18:59 - 00049744 _____ () C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-04-04 18:38 - 
2014-04-04 18:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll 2012-05-02 15:08 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00C" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00A" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "006" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "001" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. System errors: ============= Error: (05/11/2014 01:09:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2014 01:09:17 PM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 00:36:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2014 00:36:08 PM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. 
Microsoft Office Sessions: ========================= Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 08168020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0138020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0108020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 00C8020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 00A8020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0068020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0018020000002D010000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0816120200000000000000AF000000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 013120200000000000000AF000000 Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 010120200000000000000AF000000 ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 4046.36 MB Available physical RAM: 1751.31 MB Total Pagefile: 8090.9 MB Available Pagefile: 5327.86 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:115.23 GB) (Free:78.84 GB) NTFS Drive d: (HP_TOOLS) (Fixed) (Total:9.99 GB) (Free:9.99 GB) FAT32 Drive e: (MUSIK) (Fixed) (Total:113.14 GB) (Free:2.07 GB) NTFS 
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: B71EBFEC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=115 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=113 GB) - (Type=05) Partition 4: (Not Active) - (Size=10 GB) - (Type=0C) ==================== End Of Log ============================ |
11.05.2014, 12:27 | #6 |
/// TB-Ausbilder | Windows 7: Websites are redirected to advertising FRST.txt is incomplete; please post the rest, then we can continue. |
11.05.2014, 13:54 | #7 |
| Windows 7: Websites are redirected to advertising Hello Matthias, sorry, something went wrong there. I have re-created the FRST and Addition logs. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01 Ran by Admin-***** (administrator) on USER-PC on 11-05-2014 14:45:25 Running from C:\Users\Admin-*****\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (DigitalPersona, Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPUsageTrack.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company) HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-04] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.) 
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard) HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-15] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-1673328631-1222144369-1283111628-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) Lsa: [Authentication Packages] msv1_0 relog_ap Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect 
Cache_TIMESTAMP = 0xE5CDF5CA466BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182

FireFox:
========
FF ProfilePath: C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4979992 2013-11-25] (INCA Internet Co., Ltd.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-02-11] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-03-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 h36wgps; C:\Windows\system32\drivers\h36wgps64.sys [101416 2010-12-02] (Ericsson AB)
R0 johci; C:\Windows\System32\drivers\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-03-28] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 SL4Usb; C:\Windows\System32\Drivers\SL4Usb.sys [49144 2013-07-09] (Cristalink Ltd)
S3 SL4UsbNoSSL; C:\Windows\System32\Drivers\SL4UsbNoSSL.sys [49144 2013-07-09] (Cristalink Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 strmdrvk; C:\Windows\System32\Drivers\strmdrvk.sys [35912 2011-05-30] (Rane Corporation)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 SzCCID; system32\DRIVERS\SzCCID.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-11 14:45 - 2014-05-11 14:45 - 00019138 _____ () C:\Users\Admin-*****\Desktop\FRST.txt
2014-05-11 14:44 - 2014-05-09 17:26 - 02064384 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe
2014-05-11 13:14 - 2014-05-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 13:08 - 2014-05-11 13:08 - 53986158 _____ () C:\Windows\repository.backup
2014-05-11 13:08 - 2014-05-11 12:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-11 12:59 - 2014-05-11 13:09 - 00043212 _____ () C:\zoek-results.log
2014-05-11 12:58 - 2014-05-11 13:09 - 00000000 ____D () C:\zoek_backup
2014-05-11 12:27 - 2014-05-11 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 12:17 - 2014-05-11 12:19 - 00000000 ____D () C:\AdwCleaner
2014-05-09 18:03 - 2014-05-09 18:03 - 541496818 _____ () C:\Windows\MEMORY.DMP
2014-05-09 18:03 - 2014-05-09 18:03 - 00457144 _____ () C:\Windows\Minidump\050914-6614-01.dmp
2014-05-09 17:26 - 2014-05-11 14:45 - 00000000 ____D () C:\FRST
2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable
2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme
2014-05-09 07:37 - 2014-04-29 18:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-09 07:37 - 2014-04-29 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-09 07:37 - 2014-04-29 16:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-09 07:37 - 2014-04-29 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158}
2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9}
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4}
2014-05-09 06:52 - 2014-05-11 12:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 06:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 06:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-01 11:49 - 2014-05-01 11:50 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0
2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf
2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane
2014-04-26 17:27 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4Usb.sys
2014-04-26 17:27 - 2011-05-30 11:13 - 00611400 _____ () C:\Windows\system32\RaneAsioSL4.dll
2014-04-26 17:27 - 2011-05-30 11:12 - 00035912 _____ (Rane Corporation) C:\Windows\system32\Drivers\strmdrvk.sys
2014-04-26 17:27 - 2011-05-30 11:09 - 00540672 _____ () C:\Windows\SysWOW64\RaneAsioSL4.dll
2014-04-26 17:26 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4UsbNoSSL.sys
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-04-25 07:29 - 2014-04-26 17:26 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira
2014-04-24 07:28 - 2014-05-11 13:08 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps
2014-04-24 07:20 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-24 07:20 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-24 07:20 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Avira
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-24 07:19 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-24 07:16 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-24 07:16 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-24 07:11 - 2014-04-24 07:17 - 00004128 _____ () C:\Windows\IE11_main.log
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-04-24 07:11 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-24 07:11 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-24 07:11 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-24 07:11 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-24 07:11 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-24 07:11 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-24 07:11 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-24 07:11 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-24 07:11 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-24 07:11 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-24 07:11 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-24 07:11 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-24 07:11 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-24 07:11 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-24 07:11 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-24 07:11 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-24 07:10 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-24 07:10 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-24 07:10 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-24 07:10 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-24 06:53 - 2014-05-11 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia
2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk
2014-04-24 06:35 - 2014-05-09 17:23 - 00000000 ____D () C:\Users\Admin-*****
2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona
2014-04-24 06:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-24 06:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme
2014-04-22 22:08 - 2014-04-25 06:08 - 00000000 ____D () C:\ProgramData\Acronis
2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys
2014-04-22 22:08 - 2007-02-16 16:40 - 00011264 _____ (Acronis) C:\Windows\system32\relog_ap.dll
2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-04-17 11:14 - 2014-04-26 15:35 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC
2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona
2014-04-17 11:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-17 11:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-05-11 14:45 - 2014-05-11 14:45 - 00019138 _____ () C:\Users\Admin-*****\Desktop\FRST.txt
2014-05-11 14:45 - 2014-05-09 17:26 - 00000000 ____D () C:\FRST
2014-05-11 14:44 - 2014-04-05 10:11 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job
2014-05-11 14:44 - 2014-04-03 22:49 - 00733084 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 14:34 - 2014-04-03 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 13:52 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:52 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:48 - 2009-08-30 07:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 13:48 - 2009-08-30 07:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 13:48 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 13:45 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-11 13:45 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-05-11 13:44 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 13:44 - 2014-04-04 06:58 - 00006220 _____ () C:\Windows\setupact.log
2014-05-11 13:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 13:14 - 2014-05-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 13:09 - 2014-05-11 12:59 - 00043212 _____ () C:\zoek-results.log
2014-05-11 13:09 - 2014-05-11 12:58 - 00000000 ____D () C:\zoek_backup
2014-05-11 13:09 - 2014-04-04 18:45 - 00422128 _____ () C:\Windows\PFRO.log
2014-05-11 13:08 - 2014-05-11 13:08 - 53986158 _____ () C:\Windows\repository.backup
2014-05-11 13:08 - 2014-04-24 07:28 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps
2014-05-11 12:58 - 2014-05-11 13:08 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-11 12:38 - 2014-05-09 06:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 12:27 - 2014-05-11 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 12:19 - 2014-05-11 12:17 - 00000000 ____D () C:\AdwCleaner
2014-05-09 18:03 - 2014-05-09 18:03 - 541496818 _____ () C:\Windows\MEMORY.DMP
2014-05-09 18:03 - 2014-05-09 18:03 - 00457144 _____ () C:\Windows\Minidump\050914-6614-01.dmp
2014-05-09 18:03 - 2012-05-02 15:07 - 00000000 ____D () C:\Windows\Minidump
2014-05-09 17:26 - 2014-05-11 14:44 - 02064384 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe
2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable
2014-05-09 17:23 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****
2014-05-09 17:03 - 2014-03-31 21:20 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme
2014-05-09 07:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158}
2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9}
2014-05-09 06:59 - 2014-04-04 11:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4}
2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-01 11:50 - 2014-05-01 11:49 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0
2014-04-29 18:00 - 2014-05-09 07:37 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 17:24 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 16:47 - 2014-05-09 07:37 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 16:14 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf
2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane
2014-04-26 17:26 - 2014-04-25 07:29 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk
2014-04-26 15:35 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-04-25 06:08 - 2014-04-22 22:08 - 00000000 ____D () C:\ProgramData\Acronis
2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-25 04:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira
2014-04-24 07:26 - 2014-03-26 21:57 - 00000000 ____D () C:\ProgramData\Norton
2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-24 07:19 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-24 07:17 - 2014-04-24 07:11 - 00004128 _____ () C:\Windows\IE11_main.log
2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-04-24 07:11 - 2012-05-02 15:02 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-24 06:54 - 2014-03-26 21:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia
2014-04-24 06:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona
2014-04-23 05:34 - 2014-04-10 14:14 - 00001425 _____ () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme
2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk
2014-04-22 22:07 - 2014-04-22 22:07 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI 2014-04-17 11:15 - 2014-03-30 16:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-17 11:14 
- 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona 2014-04-17 11:14 - 2012-12-10 11:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-14 04:24 - 2014-04-24 07:10 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-04-24 07:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 08:04 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01 Ran by Admin-***** at 2014-05-11 14:45:41 Running from C:\Users\Admin-*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{f470942e-6237-4c78-ba45-7e9b17a95709}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Drive Encryption 
For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company) Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company) File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company) HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company) HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.3.3 - Ericsson AB) HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company) HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP 
System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company) HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix) HQVid8.1 (HKLM-x32\...\HQVid8.1) (Version: 1.34.3.28 - High-QualityV9) <==== ATTENTION IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.) 
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company) Rane SL 4 (ver. 1.0.1f4) (HKLM\...\RaneAsioSL4_is1) (Version: - Rane Corporation) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP) SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) 
Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.) ==================== Restore Points ========================= 11-05-2014 10:59:20 zoek.exe restore point ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-11 12:59 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1BC22A45-F2A8-4EC0-AC70-2C35A54E4CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {1D4FE741-660B-4181-A426-46ED0AA15869} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard) Task: {22A065E0-AF10-4381-AC16-3C282751EBDE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {28F1AAE3-F8EE-4535-A31D-AB053F5F4160} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft) Task: 
{351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION Task: {4FA62DF8-9D65-4D8E-A714-2CCE6D3F3A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {50CCEF51-92A2-4ADC-AEA4-5525FD59A58A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - \Software Updater No Task File <==== ATTENTION Task: {9DC2B816-2301-4175-BE94-3B85A2E8A195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {B1815EC6-14FB-4624-87D8-5A350CAA44F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated) Task: {D9C29D9B-34AF-4FE0-AB52-17B8FF42999E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION Task: {E285CBD6-5A6D-4E9B-80FE-4F161265D318} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => 
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {F5154549-3FBE-40C3-A9A3-021B6EE81AEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2010-12-07 07:17 - 2010-12-07 07:17 - 00204112 _____ () C:\Windows\system32\PassThroughOTP.dll 2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\system32\LIBEAY32.dll 2011-02-09 12:28 - 2011-02-09 12:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2012-05-02 15:35 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll 2011-01-27 03:10 - 2011-01-27 03:10 - 00013880 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe 2010-06-24 11:21 - 2010-06-24 11:21 - 01102336 _____ () C:\Program 
Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2014-04-24 07:20 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2011-02-09 12:27 - 2011-02-09 12:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2011-02-09 12:51 - 2011-02-09 12:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2011-02-09 12:29 - 2011-02-09 12:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2011-02-09 12:30 - 2011-02-09 12:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2012-05-02 15:10 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2014-04-15 19:00 - 2014-04-15 19:00 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-04-15 18:59 - 2014-04-15 18:59 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2014-04-04 18:38 - 2014-04-04 18:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll 2012-05-02 15:08 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files 
(x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2014-05-11 13:09 - 2014-04-15 18:59 - 00049744 _____ () C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00C" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00A" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "006" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "001" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. System errors: ============= Error: (05/11/2014 01:44:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2014 01:44:48 PM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/11/2014 01:09:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2014 01:09:17 PM) (Source: Application Popup) (User: ) (EventID: 875) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 00:36:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office Sessions: ========================= Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 08168020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0138020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0108020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 00C8020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 00A8020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) 
(EventID: 3006) Description: 0068020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0018020000002D010000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 0816120200000000000000AF000000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 013120200000000000000AF000000 Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006) Description: 010120200000000000000AF000000 ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 4046.36 MB Available physical RAM: 2254.5 MB Total Pagefile: 8090.9 MB Available Pagefile: 5798.5 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:115.23 GB) (Free:78.67 GB) NTFS Drive d: (HP_TOOLS) (Fixed) (Total:9.99 GB) (Free:9.99 GB) FAT32 Drive e: (MUSIK) (Fixed) (Total:113.14 GB) (Free:2.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: B71EBFEC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=115 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=113 GB) - (Type=05) Partition 4: (Not Active) - (Size=10 GB) - (Type=0C) ==================== End Of Log ============================ |
11.05.2014, 20:10 | #8 |
/// TB-Ausbilder | Windows 7: Websites are redirected to advertising
We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h). Afterwards we will remove all the tools we used and I will give you a few tips to take with you.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION
Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe
Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION
Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - \Software Updater No Task File <==== ATTENTION
Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION
Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of SystemLook from the following mirror and save the tool on your desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 4 Please download SecurityCheck and:
With your next reply, please post
|
14.05.2014, 06:13 | #9 |
| Windows 7: Websites are redirected to advertising
Hello Matthias, sorry that it took so long. Here are the log files. I also noticed three suspicious things:
1.) Although Avira Antivir is installed and up to date, since the last steps the Windows Security Center has been telling me to search online for antivirus protection.
2.) Firefox sometimes cannot be restarted, because Firefox processes keep running after Firefox has been closed.
3.) I let ESET run overnight. In the morning the computer had rebooted. Did ESET run to completion? Was the restart because of an update?
Now to the logs: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2014 01 Ran by Admin-***** at 2014-05-13 19:39:20 Run:1 Running from C:\Users\Admin-*****\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir= GroupPolicy: Group Policy on Chrome detected <======= ATTENTION Task: {351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - 
\Software Updater No Task File <==== ATTENTION Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe end ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Freemium1ClickMaint => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{461B3278-D291-4145-AC48-736CBC027E5A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{461B3278-D291-4145-AC48-736CBC027E5A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59822E90-B4D5-4FB3-951B-F6C986C7B3B2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59822E90-B4D5-4FB3-951B-F6C986C7B3B2} => Key deleted successfully. 
C:\Windows\System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7882B8C7-28A6-4837-83C3-BC1F6826A8DA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7882B8C7-28A6-4837-83C3-BC1F6826A8DA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{798496F1-23F1-4B3E-9353-4B32AD0C79A8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{798496F1-23F1-4B3E-9353-4B32AD0C79A8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppCloudUpdater => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E118032A-D576-4A50-A416-D76DED81F3D4} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E118032A-D576-4A50-A416-D76DED81F3D4} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key deleted successfully. C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb # engine=18249 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-13 07:46:05 # local_time=2014-05-13 09:46:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 358955 6692701 355818 0 # compatibility_mode=5893 16776573 100 94 6694 151640215 0 0 # scanned=178191 # found=5 # cleaned=0 # scan_time=1021 sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe" sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe" sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe" sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. 
unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb # engine=18249 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-13 09:37:40 # local_time=2014-05-13 11:37:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 365650 6699396 362513 0 # compatibility_mode=5893 16776573 100 94 13389 151646910 0 0 # scanned=178191 # found=7 # cleaned=0 # scan_time=6581 sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=9A2F4FB4725ABE42A650A6EDE1F111A86F5FC167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.crx" sh=C402C2CF6A893EFB1FA4DA4AB15F5B821D0306CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.xpi" sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe" sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe" sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. 
unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe" sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe" Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 06:51 on 14/05/2014 by Admin-***** Administrator - Elevation successful ========== regfind ========== Searching for "HQVid8.1" [HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1] [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}] "AppName"="HQVid8.1-bg.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}] "AppPath"="C:\Program Files (x86)\HQVid8.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}] "AppName"="HQVid8.1-codedownloader.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}] "AppPath"="C:\Program Files (x86)\HQVid8.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\HQVid8.1\Uninstall.exe"="VISTARTM" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}] "AppName"="HQVid8.1-bg.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}] "AppPath"="C:\Program Files (x86)\HQVid8.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}] "AppName"="HQVid8.1-codedownloader.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}] "AppPath"="C:\Program Files (x86)\HQVid8.1" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1] "DisplayName"="HQVid8.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1] "DisplayIcon"="C:\Program Files (x86)\HQVid8.1\utils.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1] "UninstallString"="C:\Program Files (x86)\HQVid8.1\Uninstall.exe /fromcontrolpanel=1" [HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1] [HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1] [HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006\Software\AppDataLow\Software\HQVid8.1] [HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1] [HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1] [HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HQVid8.1] [HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1] Searching for " " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell] "ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" 
ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}] "Wireless.GlobalChanged"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI Changed="false">on</WMI> <F10 Changed="false">on</F10> <HardwareButton Changed="true">on</Ha [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}] "Wireless.GlobalChanged.2.0"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput2 xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI>on</WMI> <F10>on</F10> <HardwareButton>off</HardwareButton> </LastRequestedS 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32] "ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}] "Wireless.GlobalChanged"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI Changed="false">on</WMI> <F10 Changed="false">on</F10> <HardwareButton Changed=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}] "Wireless.GlobalChanged.2.0"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput2 xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> 
<WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI>on</WMI> <F10>on</F10> <HardwareButton>off</HardwareButton> </La -= EOF =- Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Mozilla Firefox (29.0.1) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
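Whether an ESET Online Scanner run finished, and what changed between the two runs posted above, can be read from the log itself. The following is an added example, not part of the thread and not an ESET tool: it parses the `# key=value` headers and the `sh= … fn="…"` detection records, checks each run for completeness, and lists what the second run (with archives checked) found in addition. The field meanings (`sh` as file hash, `vn` as detection name, `fn` as file path) are assumptions inferred from the values in the log.

```python
import re

# Excerpt of the two ESET Online Scanner runs from the post above (abridged:
# only the header fields used below; detection records copied unchanged).
ESET_LOG = r'''
# version=8
# end=finished
# remove_checked=false
# archives_checked=false
# found=5
# cleaned=0
# scan_time=1021
sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe"
sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe"
sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe"
sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe"
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# found=7
# cleaned=0
# scan_time=6581
sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=9A2F4FB4725ABE42A650A6EDE1F111A86F5FC167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.crx"
sh=C402C2CF6A893EFB1FA4DA4AB15F5B821D0306CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.xpi"
sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe"
sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe"
sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe"
sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe"
'''

# One detection record; group names are this example's own labels (assumed meanings).
RECORD = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\w+)\s+fn="(?P<path>[^"]*)"')
HEADER = re.compile(r'#\s*([\w.]+)=("[^"]*"|\S+)')


def parse_scans(text):
    """Split the log into runs (each starts at '# version=') and parse each run.

    Works on one-record-per-line logs and on logs flattened onto a single line.
    """
    scans = []
    for chunk in re.split(r'(?=#\s*version=)', text):
        # Remove the records first so '#' inside a file name cannot look like a header.
        headers = {k: v.strip('"') for k, v in HEADER.findall(RECORD.sub(' ', chunk))}
        if 'version' in headers:
            scans.append({'headers': headers,
                          'detections': [m.groupdict() for m in RECORD.finditer(chunk)]})
    return scans


def problems(scan):
    """Return human-readable findings about one run, based only on its own headers."""
    h, out = scan['headers'], []
    found, cleaned = int(h.get('found', -1)), int(h.get('cleaned', 0))
    if h.get('end') != 'finished':
        out.append('scan did not run to completion (end=%s)' % h.get('end'))
    if found != len(scan['detections']):
        out.append('found=%d but %d detection records present' % (found, len(scan['detections'])))
    if cleaned < found:
        out.append('%d of %d detections not cleaned' % (found - cleaned, found))
    return out


def live(scan):
    """Detections that are not inside a quarantine folder (path check as seen in this log)."""
    return [d for d in scan['detections'] if '\\quarantine\\' not in d['path'].lower()]


def new_in(later, earlier):
    """Detections of the later run whose file hash did not appear in the earlier run."""
    seen = {d['sha1'] for d in earlier['detections']}
    return [d for d in later['detections'] if d['sha1'] not in seen]


if __name__ == '__main__':
    first, second = parse_scans(ESET_LOG)
    for label, scan in (('run 1', first), ('run 2', second)):
        print(label, scan['headers']['end'], problems(scan))
    for d in new_in(second, first):
        print('new in run 2:', d['name'], '->', d['path'])
    print('still outside quarantine:', [d['path'] for d in live(second)])
```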
14.05.2014, 19:34 | #10 |
/// TB-Ausbilder | Windows 7: Websites are redirected to advertising
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
C:\Program Files (x86)\HQVid8.1
Reg: reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1" /f
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1" /f
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Restart your computer. Step 2
With your next reply, please post
|
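A fixlist like the one above is built by hand from search results, so it is worth checking it against the SystemLook regfind hits from post #9 to see which hits no `Reg:` line reaches. The following is an added example, not part of the thread and not a FRST or SystemLook feature. It assumes that `current_user_sid` is the SID of the account that runs the fix, and it compares key paths literally, apart from the aliases named in the comments; WOW64 registry views are not modelled.

```python
import re

# Registry hits from the SystemLook regfind for "HQVid8.1" in post #9
# (abridged: one value per key), and the Reg: lines of the fixlist in post #10.
SYSTEMLOOK = r'''
[HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}] "AppName"="HQVid8.1-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}] "AppName"="HQVid8.1-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\HQVid8.1\Uninstall.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}] "AppName"="HQVid8.1-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}] "AppName"="HQVid8.1-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1] "DisplayName"="HQVid8.1"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1]
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006\Software\AppDataLow\Software\HQVid8.1]
[HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HQVid8.1]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
'''
FIXLIST = r'''
Reg: reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1" /f
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1" /f
'''

# "[key]" optionally followed by "value name"="data" (a hit inside a value).
HIT = re.compile(r'\[(HKEY_[^\]]+)\](?:\s*"([^"]+)"="[^"]*")?')
DELETE = re.compile(r'Reg:\s+reg delete "([^"]+)" /f', re.IGNORECASE)


def normalize(key, current_user_sid=None):
    """Canonical, upper-cased form of a key path so that aliases compare equal."""
    k = key.strip().rstrip('\\').upper()
    # HKCU is the HKEY_USERS\<SID> hive of the logged-on user (SID is an assumption).
    if current_user_sid and re.match(r'HKEY_CURRENT_USER(\\|$)', k):
        k = 'HKEY_USERS\\' + current_user_sid.upper() + k[len('HKEY_CURRENT_USER'):]
    # HKEY_USERS\.DEFAULT is the LocalSystem profile, also visible as S-1-5-18.
    k = re.sub(r'^HKEY_USERS\\\.DEFAULT(?=\\|$)', lambda m: 'HKEY_USERS\\S-1-5-18', k)
    # HKEY_USERS\<SID>_Classes is the same data as HKEY_USERS\<SID>\Software\Classes.
    k = re.sub(r'^(HKEY_USERS\\[^\\]+?)_CLASSES(?=\\|$)',
               lambda m: m.group(1) + '\\SOFTWARE\\CLASSES', k)
    return k


def uncovered_hits(systemlook_text, fixlist_text, current_user_sid=None):
    """Map each hit key that no 'reg delete' line reaches to the value names hit in it.

    A key is reached when it equals a deleted key or lies below one. An empty
    list means the key name itself matched the search term.
    """
    deleted = {normalize(k, current_user_sid) for k in DELETE.findall(fixlist_text)}
    report = {}
    for key, value_name in HIT.findall(systemlook_text):
        k = normalize(key, current_user_sid)
        if any(k == d or k.startswith(d + '\\') for d in deleted):
            continue
        names = report.setdefault(k, [])
        if value_name and value_name not in names:
            names.append(value_name)
    return report


if __name__ == '__main__':
    sid = 'S-1-5-21-1673328631-1222144369-1283111628-1006'  # assumed current user
    for key, values in sorted(uncovered_hits(SYSTEMLOOK, FIXLIST, sid).items()):
        print(key, values or '(key name matched)')
```

A value hit such as the one under `AppCompatFlags\Layers` points at a single value inside a key that Windows itself owns, so the report lists the value name rather than suggesting the whole key.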
14.05.2014, 20:05 | #11 |
| Windows 7: Websites are redirected to advertising
Hello Matthias, here are the new log files: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2014 01 Ran by Admin-***** at 2014-05-14 20:51:42 Run:2 Running from C:\Users\Admin-*****\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start C:\Program Files (x86)\HQVid8.1 Reg: reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1" /f Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1" /f Reg: reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1" /f end ***************** C:\Program Files (x86)\HQVid8.1 => Moved successfully. ========= reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ==== End of Fixlog ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Admin-***** (administrator) on USER-PC on 14-05-2014 20:58:39 Running from C:\Users\Admin-*****\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (AMD) C:\Windows\System32\atieclxx.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1673328631-1222144369-1283111628-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Lsa: [Authentication Packages] msv1_0 relog_ap
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5CDF5CA466BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182

FireFox:
========
FF ProfilePath: C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4979992 2013-11-25] (INCA Internet Co., Ltd.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-02-11] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-03-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 h36wgps; C:\Windows\system32\drivers\h36wgps64.sys [101416 2010-12-02] (Ericsson AB)
R0 johci; C:\Windows\System32\drivers\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-03-28] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SL4Usb; C:\Windows\System32\Drivers\SL4Usb.sys [49144 2013-07-09] (Cristalink Ltd)
S3 SL4UsbNoSSL; C:\Windows\System32\Drivers\SL4UsbNoSSL.sys [49144 2013-07-09] (Cristalink Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 strmdrvk; C:\Windows\System32\Drivers\strmdrvk.sys [35912 2011-05-30] (Rane Corporation)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 SzCCID; system32\DRIVERS\SzCCID.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-14 20:58 - 2014-05-14 20:58 - 00018302 _____ () C:\Users\Admin-*****\Desktop\FRST.txt
2014-05-14 20:57 - 2014-05-14 20:58 - 00000000 ____D () C:\Users\Admin-*****\Desktop\FRST-OlderVersion
2014-05-14 20:48 - 2014-05-14 20:58 - 02066944 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe
2014-05-13 19:47 - 2014-05-13 19:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-13 19:47 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 19:47 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 19:47 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 19:47 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 19:47 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 19:47 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 19:47 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 19:47 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 19:47 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 19:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 19:47 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 19:47 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 19:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 19:47 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 19:47 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 19:47 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 19:47 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 19:47 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 19:47 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 19:47 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 19:47 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 19:47 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 19:47 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 19:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 19:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 19:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 19:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 19:47 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 19:46 - 2014-05-13 19:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 13:14 - 2014-05-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 13:08 - 2014-05-11 13:08 - 53986158 _____ () C:\Windows\repository.backup
2014-05-11 13:08 - 2014-05-11 12:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-11 12:59 - 2014-05-11 13:09 - 00043212 _____ () C:\zoek-results.log
2014-05-11 12:58 - 2014-05-11 13:09 - 00000000 ____D () C:\zoek_backup
2014-05-11 12:27 - 2014-05-11 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 12:17 - 2014-05-11 12:19 - 00000000 ____D () C:\AdwCleaner
2014-05-09 18:03 - 2014-05-09 18:03 - 541496818 _____ () C:\Windows\MEMORY.DMP
2014-05-09 18:03 - 2014-05-09 18:03 - 00457144 _____ () C:\Windows\Minidump\050914-6614-01.dmp
2014-05-09 17:26 - 2014-05-14 20:58 - 00000000 ____D () C:\FRST
2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable
2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme
2014-05-09 07:37 - 2014-04-29 18:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-09 07:37 - 2014-04-29 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-09 07:37 - 2014-04-29 16:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-09 07:37 - 2014-04-29 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158}
2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9}
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4}
2014-05-09 06:52 - 2014-05-14 19:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 06:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 06:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-01 11:49 - 2014-05-01 11:50 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0
2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf
2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane
2014-04-26 17:27 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4Usb.sys
2014-04-26 17:27 - 2011-05-30 11:13 - 00611400 _____ () C:\Windows\system32\RaneAsioSL4.dll
2014-04-26 17:27 - 2011-05-30 11:12 - 00035912 _____ (Rane Corporation) C:\Windows\system32\Drivers\strmdrvk.sys
2014-04-26 17:27 - 2011-05-30 11:09 - 00540672 _____ () C:\Windows\SysWOW64\RaneAsioSL4.dll
2014-04-26 17:26 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4UsbNoSSL.sys
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-04-25 07:29 - 2014-04-26 17:26 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira
2014-04-24 07:28 - 2014-05-11 13:08 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps
2014-04-24 07:20 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-24 07:20 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-24 07:20 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-24 07:19 - 2014-05-13 19:47 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-24 07:19 - 2014-05-13 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-24 07:19 - 2014-05-13 19:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Avira
2014-04-24 07:16 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-24 07:16 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-24 07:11 - 2014-05-14 03:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 07:11 - 2014-04-24 07:17 - 00004128 _____ () C:\Windows\IE11_main.log
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-04-24 07:11 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-24 07:11 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-24 07:11 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-24 07:11 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-24 07:11 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-24 07:11 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-24 07:11 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-24 07:11 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-24 07:11 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-24 07:11 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-24 07:11 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-24 07:11 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-24 07:11 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-24 07:11 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-24 07:11 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-24 07:11 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-24 07:10 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-24 07:10 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-24 06:53 - 2014-05-11 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia
2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk
2014-04-24 06:35 - 2014-05-14 06:04 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 06:35 - 2014-05-14 06:04 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 06:35 - 2014-05-09 17:23 - 00000000 ____D () C:\Users\Admin-*****
2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona
2014-04-24 06:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-24 06:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme
2014-04-22 22:08 - 2014-04-25 06:08 - 00000000 ____D () C:\ProgramData\Acronis
2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys
2014-04-22 22:08 - 2007-02-16 16:40 - 00011264 _____ (Acronis) C:\Windows\system32\relog_ap.dll
2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-04-17 11:14 - 2014-05-14 19:55 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 11:14 - 2014-05-14 19:55 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 11:14 - 2014-04-26 15:35 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC
2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona
2014-04-17 11:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-17 11:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-05-14 20:58 - 2014-05-14 20:58 - 00018302 _____ () C:\Users\Admin-*****\Desktop\FRST.txt
2014-05-14 20:58 - 2014-05-14 20:57 - 00000000 ____D () C:\Users\Admin-*****\Desktop\FRST-OlderVersion
2014-05-14 20:58 - 2014-05-14 20:48 - 02066944 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe
2014-05-14 20:58 - 2014-05-09 17:26 - 00000000 ____D () C:\FRST
2014-05-14 20:56 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-14 20:56 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-05-14 20:55 - 2014-04-04 06:58 - 00007295 _____ () C:\Windows\setupact.log
2014-05-14 20:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 20:53 - 2014-04-03 22:49 - 00878998 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 20:34 - 2014-04-03 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 20:20 - 2009-07-14 05:20 - 00000000 ____D ()
C:\Windows\rescache 2014-05-14 19:55 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 19:55 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 19:45 - 2014-05-09 06:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 19:31 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 19:31 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 19:28 - 2009-08-30 07:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 19:28 - 2009-08-30 07:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 19:28 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 06:04 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 06:04 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 03:17 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-14 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 03:01 - 2014-03-30 16:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 03:00 - 2012-12-10 11:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 19:47 - 2014-05-13 19:47 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-13 19:47 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-13 19:47 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-13 19:47 - 2014-04-24 07:19 - 00000000 ____D 
() C:\Program Files (x86)\Avira 2014-05-13 19:46 - 2014-05-13 19:46 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-13 19:42 - 2014-03-28 23:00 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-05-13 19:39 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-11 13:44 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 13:14 - 2014-05-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-11 13:09 - 2014-05-11 12:59 - 00043212 _____ () C:\zoek-results.log 2014-05-11 13:09 - 2014-05-11 12:58 - 00000000 ____D () C:\zoek_backup 2014-05-11 13:09 - 2014-04-04 18:45 - 00422128 _____ () C:\Windows\PFRO.log 2014-05-11 13:08 - 2014-05-11 13:08 - 53986158 _____ () C:\Windows\repository.backup 2014-05-11 13:08 - 2014-04-24 07:28 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps 2014-05-11 12:58 - 2014-05-11 13:08 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-05-11 12:27 - 2014-05-11 12:27 - 00000000 ____D () C:\Windows\ERUNT 2014-05-11 12:19 - 2014-05-11 12:17 - 00000000 ____D () C:\AdwCleaner 2014-05-09 18:03 - 2014-05-09 18:03 - 541496818 _____ () C:\Windows\MEMORY.DMP 2014-05-09 18:03 - 2014-05-09 18:03 - 00457144 _____ () C:\Windows\Minidump\050914-6614-01.dmp 2014-05-09 18:03 - 2012-05-02 15:07 - 00000000 ____D () C:\Windows\Minidump 2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable 2014-05-09 17:23 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-***** 2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme 2014-05-09 08:14 - 2014-05-13 19:47 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-13 19:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-09 07:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 
2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158} 2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9} 2014-05-09 06:59 - 2014-04-04 11:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard 2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4} 2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe 2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-01 11:50 - 2014-05-01 11:49 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0 2014-04-29 18:00 - 2014-05-09 07:37 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 17:24 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 16:47 - 2014-05-09 07:37 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 16:14 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.tlb 2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf 2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane 2014-04-26 17:26 - 2014-04-25 07:29 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk 2014-04-26 15:35 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC 2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla 2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla 2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato 2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato 2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira 2014-04-25 06:08 - 2014-04-22 22:08 - 00000000 ____D () C:\ProgramData\Acronis 2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira 2014-04-24 07:26 - 2014-03-26 21:57 - 00000000 ____D () C:\ProgramData\Norton 2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Avira 2014-04-24 07:17 - 2014-04-24 07:11 - 00004128 _____ () C:\Windows\IE11_main.log 2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-04-24 07:11 - 2012-05-02 15:02 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-24 06:54 - 2014-03-26 21:45 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla 2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla 2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia 2014-04-24 06:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk 2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini 
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () 
C:\Users\Admin-*****\AppData\Local\PDFC 2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona 2014-04-23 05:34 - 2014-04-10 14:14 - 00001425 _____ () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme 2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys 2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys 2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI 2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI 2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen 2014-04-17 11:14 - 
2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore 2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona Some content of TEMP: ==================== C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-13 19:47] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 08:04

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014 Ran by Admin-***** at 2014-05-14 20:59:05 Running from C:\Users\Admin-*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{f470942e-6237-4c78-ba45-7e9b17a95709}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Drive Encryption 
For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company) Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company) File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company) HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company) HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.3.3 - Ericsson AB) HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company) HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company) HP Support Assistant 
(HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company) HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.) 
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company) Rane SL 4 (ver. 1.0.1f4) (HKLM\...\RaneAsioSL4_is1) (Version: - Rane Corporation) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP) SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) 
Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.) ==================== Restore Points ========================= 11-05-2014 10:59:20 zoek.exe restore point 13-05-2014 17:46:06 Windows Update 14-05-2014 01:00:11 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-11 12:59 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1BC22A45-F2A8-4EC0-AC70-2C35A54E4CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {1D4FE741-660B-4181-A426-46ED0AA15869} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard) Task: {22A065E0-AF10-4381-AC16-3C282751EBDE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {28F1AAE3-F8EE-4535-A31D-AB053F5F4160} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health 
Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft) Task: {4FA62DF8-9D65-4D8E-A714-2CCE6D3F3A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {50CCEF51-92A2-4ADC-AEA4-5525FD59A58A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {9DC2B816-2301-4175-BE94-3B85A2E8A195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {B1815EC6-14FB-4624-87D8-5A350CAA44F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated) Task: {D9C29D9B-34AF-4FE0-AB52-17B8FF42999E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {E285CBD6-5A6D-4E9B-80FE-4F161265D318} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {F5154549-3FBE-40C3-A9A3-021B6EE81AEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive 
Encryption\EpeHpFve64.dll 2010-12-07 07:17 - 2010-12-07 07:17 - 00204112 _____ () C:\Windows\system32\PassThroughOTP.dll 2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\system32\LIBEAY32.dll 2011-02-09 12:28 - 2011-02-09 12:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe 2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll 2012-05-02 15:35 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2011-01-27 03:13 - 2011-01-27 03:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll 2011-01-27 03:13 - 2011-01-27 03:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll 2010-06-24 11:21 - 2010-06-24 11:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2014-04-24 07:20 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2011-02-09 12:27 - 2011-02-09 12:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2011-02-09 12:51 - 2011-02-09 12:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2011-02-09 12:29 - 2011-02-09 12:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2011-02-09 12:30 - 2011-02-09 12:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive 
Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2012-05-02 15:10 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2014-05-11 13:09 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-04-04 18:38 - 2014-04-04 18:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll 2012-05-02 15:08 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup ==================== Faulty Device Manager Devices ============= Name: 
Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Broadcom 2070 Bluetooth Description: Broadcom 2070 Bluetooth Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2014 08:56:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: lpksetup.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1f7 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000002a84e ID des fehlerhaften Prozesses: 0x1080 Startzeit der fehlerhaften Anwendung: 0xlpksetup.exe0 Pfad der fehlerhaften Anwendung: lpksetup.exe1 Pfad des fehlerhaften Moduls: lpksetup.exe2 Berichtskennung: lpksetup.exe3 Error: (05/14/2014 08:20:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: lpksetup.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1f7 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000002a84e ID des fehlerhaften Prozesses: 0x1a0c Startzeit der fehlerhaften Anwendung: 0xlpksetup.exe0 Pfad der fehlerhaften Anwendung: lpksetup.exe1 Pfad des fehlerhaften Moduls: lpksetup.exe2 Berichtskennung: lpksetup.exe3 Error: 
(05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00C" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00A" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "006" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "001" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. System errors: ============= Error: (05/14/2014 08:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/14/2014 08:55:55 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/14/2014 07:24:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/14/2014 07:24:04 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/14/2014 06:50:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/14/2014 06:50:41 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (05/14/2014 03:18:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/14/2014 03:18:04 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. 
Error: (05/13/2014 07:42:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/13/2014 07:42:06 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Microsoft Office Sessions: ========================= Error: (05/14/2014 08:56:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: lpksetup.exe6.1.7601.175144ce7a1f7msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e108001cf6fa62ee224f1C:\Windows\system32\lpksetup.exeC:\Windows\system32\msvcrt.dll6e613d87-db99-11e3-a76d-2c41380543c6 Error: (05/14/2014 08:20:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: lpksetup.exe6.1.7601.175144ce7a1f7msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e1a0c01cf6fa123bf7903C:\Windows\system32\lpksetup.exeC:\Windows\system32\msvcrt.dll63246276-db94-11e3-aa71-2c41380543c6 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 08168020000002D010000 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 0138020000002D010000 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 0108020000002D010000 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 00C8020000002D010000 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 00A8020000002D010000 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 0068020000002D010000 Error: (05/14/2014 07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 0018020000002D010000 Error: (05/14/2014 
07:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT-AUTORITÄT) Description: 0816120200000000000000AF000000 ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 4046.36 MB Available physical RAM: 1998.91 MB Total Pagefile: 8090.9 MB Available Pagefile: 5527.69 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:115.23 GB) (Free:77.15 GB) NTFS Drive d: (HP_TOOLS) (Fixed) (Total:9.99 GB) (Free:9.99 GB) FAT32 Drive e: (MUSIK) (Fixed) (Total:113.14 GB) (Free:2.07 GB) NTFS Drive i: (PHONE CARD) (Removable) (Total:1.86 GB) (Free:1.74 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: B71EBFEC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=115 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=113 GB) - (Type=05) Partition 4: (Not Active) - (Size=10 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
15.05.2014, 16:00 | #12 |
/// TB-Ausbilder | Windows 7: Websites are redirected to advertising
We will check everything once more. ESET can take a long time (> 3 h). Afterwards we will remove all the tools we used, and I will give you a few tips to take with you.
Step 1 ESET Online Scanner
Step 2 Please download SecurityCheck and:
Please post with your next reply
|
16.05.2014, 06:13 | #13 |
| Windows 7: Websites are redirected to advertising Hello Matthias, Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb # engine=18249 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-13 07:46:05 # local_time=2014-05-13 09:46:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 358955 6692701 355818 0 # compatibility_mode=5893 16776573 100 94 6694 151640215 0 0 # scanned=178191 # found=5 # cleaned=0 # scan_time=1021 sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe" sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe" sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe" sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. 
unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb # engine=18249 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-13 09:37:40 # local_time=2014-05-13 11:37:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 365650 6699396 362513 0 # compatibility_mode=5893 16776573 100 94 13389 151646910 0 0 # scanned=178191 # found=7 # cleaned=0 # scan_time=6581 sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=9A2F4FB4725ABE42A650A6EDE1F111A86F5FC167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.crx" sh=C402C2CF6A893EFB1FA4DA4AB15F5B821D0306CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.xpi" sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe" sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe" sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. 
unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe" sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb # engine=18279 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-15 07:47:13 # local_time=2014-05-15 09:47:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 0 6865569 87465 0 # compatibility_mode=5893 16776573 100 94 145634 151813083 0 0 # scanned=178223 # found=7 # cleaned=0 # scan_time=1620 sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=9A2F4FB4725ABE42A650A6EDE1F111A86F5FC167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HQVid8.1\53172.crx" sh=C402C2CF6A893EFB1FA4DA4AB15F5B821D0306CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HQVid8.1\53172.xpi" sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe" sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. 
unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe" sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe" sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe" Code:
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
16.05.2014, 14:43 | #14 |
/// TB-Ausbilder | Windows 7: Websites are redirected to advertising
If you have no more problems, we are done here. Your log files are clean. Finally, we still need to take a few concluding steps to clean up and secure your PC.
Step 1 The order is crucial here.
Step 2 To finish, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
18.05.2014, 19:18 | #15 |
| Windows 7: Websites are redirected to advertising Hello Matthias, I have carried out step 1 so far; I will keep the other topics in mind in the future. I still have the following problems: 1.) After closing Firefox, I get the following error message at the next start: "Firefox wird bereits ausgeführt, reagiert aber nicht. Um ein neues Fenster öffnen zu können, müssen Sie zuerst den bestehenden Firefox-Prozess beenden oder Ihren Computer neu starten." 2.) Avira Antivir is installed on the computer, up to date and activated. In the Windows Action Center I nevertheless get the following message: "Es wurde keine Antivirensoftware auf dem Rechner gefunden. Programm online suchen" Is Avira not supported by Microsoft, or is there some other error here? Which antivirus program do you at Trojaner-Board recommend? Regards, Bruno |