Log analysis and evaluation: TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.05.2014, 22:16 | #1 |
TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3

Hello, Avira has reported to me that the files/Trojans named in the title were found. My computer has been extremely slow for three weeks, there are dubious ads everywhere on the internet, and so on... I have tried to follow all the instructions for the log files, and now I have the following:

1. FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by coolelisa (administrator) on LISALAPTOP on 18-05-2014 22:19:45
Running from C:\Users\coolelisa\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ArcSoft, Inc.) C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Dropbox, Inc.) C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Users\coolelisa\Downloads\UltimateCodec.exe
( ) C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726848_stp\SmartWrapper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1126400 2012-04-12] (Sphinx Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1077328 2011-02-14] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1325642598-3495664763-1817961077-1001\...\Run: [YouTube Mini] => C:\Program Files (x86)\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe
HKU\S-1-5-21-1325642598-3495664763-1817961077-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1325642598-3495664763-1817961077-501\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe [815496 2013-09-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-1325642598-3495664763-1817961077-501\...\MountPoints2: E - E:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landing.savetubevideo.com/index.php?from=3
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
SearchScopes: HKCU - DefaultScope {2877A654-1C9F-4cb5-8438-16022B2FDD9C} URL = hxxp://www.landing.savetubevideo.com/results.php?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2877A654-1C9F-4cb5-8438-16022B2FDD9C} URL = hxxp://www.landing.savetubevideo.com/results.php?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
BHO: Torntv V9.0 - {11111111-1111-1111-1111-110511131190} - C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Torntv V9.0 - {11111111-1111-1111-1111-110511131190} - C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{B2617033-4097-4E6F-99FE-2A8DC49AFC1D}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://www.spiegel.de/
FF Keyword.URL: hxxp://www.landing.savetubevideo.com/results.php?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\GoogleFeed.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Torntv V9.0 - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [2014-03-23]
FF Extension: YouTube Unblocker - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-15]
FF Extension: {9d374d97-b968-496d-bc9a-136038834261} - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{9d374d97-b968-496d-bc9a-136038834261}.xpi [2014-05-17]
FF Extension: Adblock Plus - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [760320 2012-04-12] (Sphinx Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-18 22:19 - 2014-05-18 22:20 - 00014357 _____ () C:\Users\coolelisa\Downloads\FRST.txt
2014-05-18 22:19 - 2014-05-18 22:19 - 02067456 _____ (Farbar) C:\Users\coolelisa\Downloads\FRST64.exe
2014-05-18 22:19 - 2014-05-18 22:19 - 00000000 ____D () C:\FRST
2014-05-18 22:14 - 2014-05-18 22:14 - 00050477 _____ () C:\Users\coolelisa\Downloads\Defogger.exe
2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 _____ () C:\Users\coolelisa\defogger_reenable
2014-05-18 22:06 - 2014-05-18 22:06 - 00003340 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-05-18 22:06 - 2014-05-18 22:06 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-05-18 22:06 - 2014-05-18 22:06 - 00003046 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-05-18 22:06 - 2014-05-18 22:06 - 00002890 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-05-18 22:06 - 2014-05-18 22:06 - 00000292 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-05-18 22:06 - 2014-05-18 22:06 - 00000284 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-05-18 22:06 - 2014-05-18 22:06 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Advanced System Protector
2014-05-18 22:05 - 2014-05-18 22:05 - 00001996 _____ () C:\Windows\unins000.dat
2014-05-18 22:05 - 2014-05-18 22:05 - 00001058 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Systweak
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\LavFilters
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\CDXReader
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\DivX
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Haali
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-18 22:05 - 2014-05-18 22:04 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-18 22:05 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-05-18 22:05 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-18 22:05 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-18 22:05 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-05-18 22:05 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2014-05-18 22:05 - 2011-05-30 15:42 - 00255488 _____ () C:\Windows\system32\xvidvfw.dll
2014-05-18 22:05 - 2011-05-30 15:42 - 00240640 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-05-18 22:05 - 2011-05-23 11:52 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2014-05-18 22:05 - 2011-05-23 09:49 - 00173568 _____ () C:\Windows\system32\xvid.ax
2014-05-18 22:05 - 2011-05-23 09:46 - 00645632 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-05-18 22:05 - 2011-05-23 09:45 - 00696832 _____ () C:\Windows\system32\xvidcore.dll
2014-05-18 22:04 - 2014-05-18 22:04 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-18 22:02 - 2014-05-18 22:17 - 00001135 _____ () C:\Users\coolelisa\Desktop\Continue Codec Pack Installation.lnk
2014-05-18 22:01 - 2014-05-18 22:01 - 00678112 _____ () C:\Users\coolelisa\Downloads\UltimateCodec.exe
2014-05-18 21:06 - 2014-05-18 21:06 - 05255978 _____ () C:\Users\coolelisa\Downloads\WP 2020 Stand 2014-05-13 Kopie.zip
2014-05-16 01:03 - 2014-05-16 01:03 - 00000000 ____D () C:\0e665f10d1af54ce4a8e86d9ab0aa5
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\DropboxMaster
2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Windows Live Writer
2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\Windows Live Writer
2014-05-13 11:10 - 2014-05-13 11:10 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\CrashDumps
2014-05-11 12:57 - 2014-05-11 13:22 - 00000000 ____D () C:\NPE
2014-05-11 12:48 - 2014-05-11 13:26 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\NPE
2014-05-11 12:48 - 2014-05-11 12:48 - 03081712 ____N (Symantec Corporation) C:\Users\coolelisa\Downloads\NPE.exe
2014-05-11 12:48 - 2014-05-11 12:48 - 00000000 ____D () C:\ProgramData\Norton
2014-05-11 12:41 - 2014-05-11 12:41 - 00629584 _____ (Chip Digital GmbH) C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe
2014-05-11 12:36 - 2014-05-11 12:36 - 00004054 _____ () C:\Users\coolelisa\Desktop\Bewerbung MOME.lnk
2014-05-08 10:54 - 2014-05-08 10:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 14:12 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 14:12 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 17:43 - 2014-04-29 16:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 17:43 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 17:43 - 2014-04-29 14:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 17:43 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 22:10 - 2014-04-24 22:10 - 00013201 _____ () C:\Users\coolelisa\Downloads\Protokoll 24.4.14.odt
2014-04-22 20:31 - 2014-04-22 20:31 - 04081800 _____ () C:\Users\coolelisa\Downloads\waschhaus_Illu1.tif
2014-04-22 20:31 - 2014-04-22 20:31 - 02777264 _____ () C:\Users\coolelisa\Downloads\waschhaus_Ill2.tif

==================== One Month Modified Files and Folders =======

2014-05-18 22:20 - 2014-05-18 22:19 - 00014357 _____ () C:\Users\coolelisa\Downloads\FRST.txt
2014-05-18 22:19 - 2014-05-18 22:19 - 02067456 _____ (Farbar) C:\Users\coolelisa\Downloads\FRST64.exe
2014-05-18 22:19 - 2014-05-18 22:19 - 00000000 ____D () C:\FRST
2014-05-18 22:17 - 2014-05-18 22:02 - 00001135 _____ () C:\Users\coolelisa\Desktop\Continue Codec Pack Installation.lnk
2014-05-18 22:14 - 2014-05-18 22:14 - 00050477 _____ () C:\Users\coolelisa\Downloads\Defogger.exe
2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 _____ () C:\Users\coolelisa\defogger_reenable
2014-05-18 22:14 - 2011-08-18 13:58 - 00000000 ____D () C:\Users\coolelisa
2014-05-18 22:12 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 22:12 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 22:06 - 2014-05-18 22:06 - 00003340 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-05-18 22:06 - 2014-05-18 22:06 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-05-18 22:06 - 2014-05-18 22:06 - 00003046 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-05-18 22:06 - 2014-05-18 22:06 - 00002890 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-05-18 22:06 - 2014-05-18 22:06 - 00000292 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-05-18 22:06 - 2014-05-18 22:06 - 00000284 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-05-18 22:06 - 2014-05-18 22:06 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Advanced System Protector
2014-05-18 22:05 - 2014-05-18 22:05 - 00001996 _____ () C:\Windows\unins000.dat
2014-05-18 22:05 - 2014-05-18 22:05 - 00001058 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Systweak
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\LavFilters
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\CDXReader
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\DivX
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Haali
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-18 22:04 - 2014-05-18 22:05 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-18 22:04 - 2014-05-18 22:04 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-18 22:04 - 2014-03-23 19:09 - 00003258 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-05-18 22:04 - 2014-03-23 19:09 - 00000306 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-18 22:01 - 2014-05-18 22:01 - 00678112 _____ () C:\Users\coolelisa\Downloads\UltimateCodec.exe
2014-05-18 22:00 - 2011-03-29 03:18 - 01177025 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 21:14 - 2013-11-28 11:46 - 00545923 _____ () C:\Windows\IE11_main.log
2014-05-18 21:06 - 2014-05-18 21:06 - 05255978 _____ () C:\Users\coolelisa\Downloads\WP 2020 Stand 2014-05-13 Kopie.zip
2014-05-18 21:02 - 2014-03-23 19:12 - 00003100 _____ () C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job
2014-05-18 21:02 - 2014-03-23 19:12 - 00002430 _____ () C:\Windows\Tasks\Torntv V9.0-firefoxinstaller.job
2014-05-18 21:02 - 2014-03-23 19:12 - 00001514 _____ () C:\Windows\Tasks\Torntv V9.0-updater.job
2014-05-18 21:02 - 2014-03-23 19:12 - 00001458 _____ () C:\Windows\Tasks\Torntv V9.0-codedownloader.job
2014-05-18 21:02 - 2014-03-23 19:12 - 00001348 _____ () C:\Windows\Tasks\Torntv V9.0-enabler.job
2014-05-18 21:02 - 2013-02-26 17:48 - 00000000 ___RD () C:\Users\coolelisa\Dropbox
2014-05-18 21:02 - 2012-10-31 18:17 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Dropbox
2014-05-18 21:02 - 2011-03-29 03:48 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-18 21:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 21:01 - 2009-07-14 06:51 - 00122005 _____ () C:\Windows\setupact.log
2014-05-16 01:03 - 2014-05-16 01:03 - 00000000 ____D () C:\0e665f10d1af54ce4a8e86d9ab0aa5
2014-05-16 01:03 - 2013-08-20 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 01:03 - 2012-06-24 10:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 01:01 - 2011-08-19 12:38 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\SoftGrid Client
2014-05-15 21:26 - 2012-11-13 22:31 - 00000000 ____D () C:\Users\coolelisa\Documents\HfK
2014-05-15 11:36 - 2013-07-14 15:30 - 00000000 ____D () C:\Users\coolelisa\Documents\Telekom
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\DropboxMaster
2014-05-14 18:57 - 2012-11-24 15:37 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:57 - 2012-11-24 15:30 - 00002176 _____ () C:\Windows\wininit.ini
2014-05-14 18:57 - 2011-08-18 13:58 - 00000000 ___RD () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 18:52 - 2011-03-29 13:09 - 00714926 _____ () C:\Windows\system32\perfh007.dat
2014-05-14 18:52 - 2011-03-29 13:09 - 00154720 _____ () C:\Windows\system32\perfc007.dat
2014-05-14 18:52 - 2009-07-14 07:13 - 01651216 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Windows Live Writer
2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\Windows Live Writer
2014-05-13 11:10 - 2014-05-13 11:10 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\CrashDumps
2014-05-11 13:26 - 2014-05-11 12:48 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\NPE
2014-05-11 13:22 - 2014-05-11 12:57 - 00000000 ____D () C:\NPE
2014-05-11 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-11 12:48 - 2014-05-11 12:48 - 03081712 ____N (Symantec Corporation) C:\Users\coolelisa\Downloads\NPE.exe
2014-05-11 12:48 - 2014-05-11 12:48 - 00000000 ____D () C:\ProgramData\Norton
2014-05-11 12:41 - 2014-05-11 12:41 - 00629584 _____ (Chip Digital GmbH) C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe
2014-05-11 12:36 - 2014-05-11 12:36 - 00004054 _____ () C:\Users\coolelisa\Desktop\Bewerbung MOME.lnk
2014-05-10 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-10 13:59 - 2013-06-24 00:03 - 00000000 ____D () C:\Users\coolelisa\Documents\Schriften
2014-05-10 13:47 - 2012-07-09 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 10:54 - 2014-05-08 10:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 16:14 - 2014-05-04 17:43 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:47 - 2014-05-04 17:43 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:36 - 2014-05-04 17:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:25 - 2014-05-04 17:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 14:49 - 2014-05-18 22:05 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-24 22:10 - 2014-04-24 22:10 - 00013201 _____ () C:\Users\coolelisa\Downloads\Protokoll 24.4.14.odt
2014-04-22 20:31 - 2014-04-22 20:31 - 04081800 _____ () C:\Users\coolelisa\Downloads\waschhaus_Illu1.tif
2014-04-22 20:31 - 2014-04-22 20:31 - 02777264 _____ () C:\Users\coolelisa\Downloads\waschhaus_Ill2.tif

Some content of TEMP:
====================
C:\Users\coolelisa\AppData\Local\Temp\AskSLib.dll
C:\Users\coolelisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuekl35.dll
C:\Users\coolelisa\AppData\Local\Temp\ffunzip.exe
C:\Users\coolelisa\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
C:\Users\coolelisa\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_3.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_4.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aih(1).exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\install_reader11_de_mssd_aih(1).exe
C:\Users\coolelisa\AppData\Local\Temp\install_reader11_de_mssd_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\MSN69EB.exe
C:\Users\coolelisa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\coolelisa\AppData\Local\Temp\tbFre0.dll
C:\Users\coolelisa\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-10 19:49

==================== End Of Log ============================

2. Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by coolelisa at 2014-05-18 22:21:01
Running from C:\Users\coolelisa\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1324 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1324 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
ArcSoft TotalMedia 3 (HKLM-x32\...\{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}) (Version: - ArcSoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.0.0.1199 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.52.0.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2287 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.1s1 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Torntv V9.0 (HKLM-x32\...\Torntv V9.0) (Version: 1.34.3.6 - installdaddy) <==== ATTENTION
Update for Codec Pack (HKCU\...\Digital Sites) (Version: - Update for Codec Pack) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows7FirewallControl (x64) 5.0.0.15 (HKLM\...\Windows7FirewallControl_is1) (Version: 5.0.0.15 - Sphinx Software)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points =========================
13-05-2014 21:56:09 Windows Update
15-05-2014 23:01:29 Windows Update
17-05-2014 11:29:02 Windows Update
18-05-2014 19:05:55 Windows Update

==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {2B9D00A0-CE79-4235-87A8-F7D486D9673E} - System32\Tasks\Torntv V9.0-chromeinstaller => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-chromeinstaller.exe <==== ATTENTION
Task: {64A54D01-A417-43EF-A16F-07D74E8CD897} - System32\Tasks\Torntv V9.0-firefoxinstaller => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-firefoxinstaller.exe <==== ATTENTION
Task: {69A04BEE-0A69-4D88-B4D1-84DA87C113BD} - System32\Tasks\Torntv V9.0-codedownloader => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe <==== ATTENTION
Task: {776D89CB-3195-4A9C-A873-9C3BFA6E1488} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-04-25] (Systweak Inc) <==== ATTENTION
Task: {7A5E08D7-43F8-4883-AB27-033F65C483FE} - System32\Tasks\Digital Sites => C:\Users\coolelisa\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {7B7FECD0-F312-4338-982F-5CD31061A2E3} - System32\Tasks\Torntv V9.0-enabler => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-enabler.exe <==== ATTENTION
Task: {9266A4C1-245C-4C9C-9D99-DAD4A4B8C03F} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2014-04-24] (Systweak Inc ) <==== ATTENTION
Task: {92D8849B-D184-4994-9D36-1F867E2C60CD} - System32\Tasks\Torntv V9.0-updater => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-updater.exe <==== ATTENTION
Task: {DF6E932D-CA17-4759-A13D-BA17093E1BAB} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-04-25] (Systweak Inc) <==== ATTENTION
Task: {E44B6D29-A4EE-44A6-988A-FA1547F77453} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-04-25] (Systweak Inc) <==== ATTENTION
Task: {E71D85BA-978C-4430-8952-6805FFDA8A7B} - System32\Tasks\{C737E961-0B01-4312-B03C-5EDBCCCBA65D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.2.0.106&LastError=12029
Task: {E8ED70C3-042A-4358-88C5-1A17C5F5EA64} - System32\Tasks\AdobeAAMUpdater-1.0-LisaLaptop-coolelisa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\COOLEL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V9.0-codedownloader.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V9.0-enabler.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V9.0-firefoxinstaller.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V9.0-updater.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============
2011-03-16 06:19 - 2011-01-20 04:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-18 22:01 - 2014-05-18 22:01 - 00678112 _____ () C:\Users\coolelisa\Downloads\UltimateCodec.exe
2012-02-28 14:50 - 2012-05-08 11:35 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-30 19:16 - 2005-08-05 17:24 - 00028672 _____ () C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-05-18 21:02 - 2014-05-18 21:02 - 00041984 _____ () C:\Users\coolelisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuekl35.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 17:19 - 2012-01-03 16:55 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-07-09 22:13 - 2014-05-10 13:47 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-29 20:55 - 2013-09-29 20:55 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
2014-02-17 22:53 - 2014-02-17 22:53 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-03-16 05:57 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-17 14:19 - 2014-03-17 14:19 - 00214528 ____N () C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726765_stp\icc.dll
2014-03-13 16:39 - 2014-03-13 16:39 - 00645592 ____N () C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726765_stp\sqlite3.dll
2014-02-25 10:55 - 2014-02-25 10:55 - 00151040 ____N () C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726675_stp\RAM.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 11:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (05/14/2014 11:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (05/14/2014 11:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 06:25:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2350046

Error: (05/13/2014 06:25:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2350046

Error: (05/13/2014 06:25:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 05:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (05/13/2014 05:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (05/13/2014 05:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 02:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3292230

System errors:
=============
Error: (05/18/2014 09:14:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (05/18/2014 09:03:14 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (05/18/2014 09:03:14 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (05/18/2014 09:03:14 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (05/18/2014 09:03:14 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (05/17/2014 03:50:06 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (05/17/2014 03:50:06 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (05/17/2014 03:50:06 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (05/17/2014 03:50:06 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (05/17/2014 01:38:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Microsoft Office Sessions:
=========================
Error: (05/14/2014 11:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (05/14/2014 11:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (05/14/2014 11:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 06:25:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2350046

Error: (05/13/2014 06:25:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2350046

Error: (05/13/2014 06:25:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 05:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (05/13/2014 05:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (05/13/2014 05:46:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 02:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3292230

==================== Memory info ===========================
Percentage of memory in use: 66%
Total physical RAM: 3947.86 MB
Available physical RAM: 1303.26 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 4915.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:232.15 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8764BBC)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

3. Gmer
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-18 22:55:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\COOLEL~1\AppData\Local\Temp\uwloakow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe[1876] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe[1876] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[5424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[5424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:4500] 00000000776f3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:4504] 0000000075377587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:4516] 0000000072407712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:4536] 00000000776f2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:4964] 000000007618d864
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:4384] 00000000776f3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:2876] 00000000776f7151
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4488:5684] 00000000776f3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4212:5184] 00000000776f2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4212:6092] 00000000776f3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4212:5188] 00000000776f3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4212:2576] 000000007618d864
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4212:5852] 000000006e876a0f
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4212:2556] 000000006e8f05e5

---- Processes - GMER 2.1 ----

Library C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [1876](2014-01-03 03:42:50) 00000000038c0000
Library c:\users\coolel~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqzhblp.dll (*** suspicious ***) @ C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [1876](2014-05-18 20:34:28) 00000000037c0000
Library C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [1876](2013-10-18 23:55:02) 00000000674d0000
Library C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [1876] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000065dc0000

---- EOF - GMER 2.1 ----

4. Avira

Exportierte Ereignisse:

18.05.2014 21:14 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\40F5ACDB-9C59-4BBE-BD00-BBA89935F179\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

18.05.2014 21:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\40F5ACDB-9C59-4BBE-BD00-BBA89935F179\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

18.05.2014 21:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\40F5ACDB-9C59-4BBE-BD00-BBA89935F179\x86_microsoft-windows-e..yphenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

17.05.2014 13:35 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\97CB6797-F090-486D-A0F8-2264A188DB97\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

17.05.2014 13:34 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\97CB6797-F090-486D-A0F8-2264A188DB97\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

17.05.2014 13:34 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\97CB6797-F090-486D-A0F8-2264A188DB97\x86_microsoft-windows-e..yphenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

14.05.2014 00:00 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\E627C463-624F-482A-A000-1C008AE4F23E\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2014 00:00 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\E627C463-624F-482A-A000-1C008AE4F23E\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

14.05.2014 00:00 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\E627C463-624F-482A-A000-1C008AE4F23E\x86_microsoft-windows-e..yphenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

13.05.2014 10:52 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\299885F9-4161-4B9A-8A9A-052A34CD9118\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

13.05.2014 10:52 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\299885F9-4161-4B9A-8A9A-052A34CD9118\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

13.05.2014 10:51 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\299885F9-4161-4B9A-8A9A-052A34CD9118\x86_microsoft-windows-e..yphenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

11.05.2014 15:20 [System Scanner] Malware gefunden
Die Datei 'C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RN4OPU6' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e0ff7b2.qua' verschoben!

11.05.2014 15:20 [System Scanner] Malware gefunden
Die Datei 'C:\Users\coolelisa\AppData\Local\Mozilla\Firefox\Profiles\x3zoul2n.default\Cache\6\41\4FB3Cd01' enthielt einen Virus oder unerwünschtes Programm 'HTML/ExpKit.Gen3' [virus].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5694d819.qua' verschoben!

11.05.2014 13:10 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\6290D77D-5C44-4CAF-BDCF-1036F041EE9B\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.05.2014 13:10 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\6290D77D-5C44-4CAF-BDCF-1036F041EE9B\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 11.05.2014 13:10 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\6290D77D-5C44-4CAF-BDCF-1036F041EE9B\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 11.05.2014 12:04 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E9BE1AE5-A4EA-4903-B458-4E224790CFD6\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.05.2014 12:04 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E9BE1AE5-A4EA-4903-B458-4E224790CFD6\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 11.05.2014 12:04 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E9BE1AE5-A4EA-4903-B458-4E224790CFD6\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 11.05.2014 12:04 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E9BE1AE5-A4EA-4903-B458-4E224790CFD6\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 10.05.2014 13:57 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\FC69D003-421A-4720-BCDC-A446E13758FF\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 10.05.2014 13:56 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\FC69D003-421A-4720-BCDC-A446E13758FF\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 10.05.2014 13:56 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\FC69D003-421A-4720-BCDC-A446E13758FF\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. 
Ausgeführte Aktion: Übergeben an Scanner 09.05.2014 19:44 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\63E27509-03A3-4173-BA25-037159AD5692\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 09.05.2014 19:43 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\63E27509-03A3-4173-BA25-037159AD5692\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 09.05.2014 19:43 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\63E27509-03A3-4173-BA25-037159AD5692\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 08.05.2014 12:52 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\3B8E8665-6193-4855-820E-5E9CD12CE557\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.05.2014 12:52 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\3B8E8665-6193-4855-820E-5E9CD12CE557\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. 
Ausgeführte Aktion: Übergeben an Scanner 08.05.2014 12:52 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\3B8E8665-6193-4855-820E-5E9CD12CE557\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 08.05.2014 10:58 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E5CBACDA-7214-4B43-8E5B-1A8B2BF09FE3\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.05.2014 10:57 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E5CBACDA-7214-4B43-8E5B-1A8B2BF09FE3\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 08.05.2014 10:57 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\E5CBACDA-7214-4B43-8E5B-1A8B2BF09FE3\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 06.05.2014 14:11 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\224D688E-CDC0-4A08-BD5A-C22DAD24B285\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 06.05.2014 14:10 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\224D688E-CDC0-4A08-BD5A-C22DAD24B285\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 06.05.2014 14:10 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\224D688E-CDC0-4A08-BD5A-C22DAD24B285\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 05.05.2014 10:54 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\9103A8A3-51D0-4A43-A41D-790070F02A6C\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 05.05.2014 10:54 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\9103A8A3-51D0-4A43-A41D-790070F02A6C\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 05.05.2014 10:54 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\9103A8A3-51D0-4A43-A41D-790070F02A6C\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. 
Ausgeführte Aktion: Übergeben an Scanner 02.05.2014 23:10 [System Scanner] Malware gefunden Die Datei 'C:\Users\coolelisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGW7Q6I6\sh145[1].htm' enthielt einen Virus oder unerwünschtes Programm 'HTML/ExpKit.Gen3' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ee98bc0.qua' verschoben! 02.05.2014 23:10 [System Scanner] Malware gefunden Die Datei 'C:\Users\coolelisa\AppData\Local\Mozilla\Firefox\Profiles\x3zoul2n.default\Cach e\6\41\4FB3Cd01' enthielt einen Virus oder unerwünschtes Programm 'HTML/ExpKit.Gen3' [virus]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004. Die Quelldatei konnte nicht gefunden werden. Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei existiert nicht! 02.05.2014 01:32 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\30F8E1EB-6BED-4332-AE3F-CC9F8268CE05\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 02.05.2014 01:32 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\30F8E1EB-6BED-4332-AE3F-CC9F8268CE05\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. 
Ausgeführte Aktion: Übergeben an Scanner 02.05.2014 01:32 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\30F8E1EB-6BED-4332-AE3F-CC9F8268CE05\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 01.05.2014 23:01 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\8FEF2A7E-1CBA-4CE6-94DA-5BFF2DCBFB07\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 01.05.2014 23:01 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\8FEF2A7E-1CBA-4CE6-94DA-5BFF2DCBFB07\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 01.05.2014 23:00 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\8FEF2A7E-1CBA-4CE6-94DA-5BFF2DCBFB07\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 27.04.2014 16:49 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\winsxs\Temp\414198d62762cf01e9010000a4159808\508e1dd72762cf018702000 0a4159808_mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. 
Ausgeführte Aktion: Übergeben an Scanner 27.04.2014 16:49 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\winsxs\Temp\414198d62762cf01e9010000a4159808\508e1dd72762cf018702000 0a4159808_mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 27.04.2014 16:49 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\60D89C7B-D91C-40BD-9839-B177B4D71304\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 27.04.2014 16:49 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\60D89C7B-D91C-40BD-9839-B177B4D71304\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 27.04.2014 16:05 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\9DA639F7-A9F2-407C-B890-1BE93A605C6F\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 27.04.2014 16:05 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\9DA639F7-A9F2-407C-B890-1BE93A605C6F\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. 
Ausgeführte Aktion: Übergeben an Scanner 27.04.2014 16:05 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\9DA639F7-A9F2-407C-B890-1BE93A605C6F\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 26.04.2014 17:45 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\F039E61B-BE5F-417E-A7C4-6BEFAA31F899\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 26.04.2014 17:45 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\F039E61B-BE5F-417E-A7C4-6BEFAA31F899\x86_microsoft-windows-ie-m shtmldac_31bf3856ad364e35_11.2.9600.16428_none_5e761a2653ce8cd8\mshtmldac.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 26.04.2014 17:44 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Windows\Temp\F039E61B-BE5F-417E-A7C4-6BEFAA31F899\x86_microsoft-windows-e..y phenation.binaries_31bf3856ad364e35_6.3.9600.16428_none_eb9b0f6fb3a13f1e\elshyph .dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner
Thanks in advance! |
19.05.2014, 00:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3 Hi,
Uninstall Avira. We haven't recommended that thing for a long time; it produces too many false alarms. In principle any scanner can have this problem, but for some time now Avira has stood out particularly negatively. Once we are done you can switch to another scanner, more on that later. Do you have any other detections, e.g. with Malwarebytes or entirely different scanners?
__________________ |
24.05.2014, 19:30 | #3 |
| TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3 Hello, thanks already! I have now uninstalled Avira, but as I said I am sure that it was not a false alarm. Then I ran another scan with Malwarebytes and moved the files it found to quarantine. The scan is rather long. How can it be inserted so that a separate box with a scroll bar is created? And: how should I proceed?
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\wa\WEATHER, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\wa\WEATHER\css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\wa\WEATHER\js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\core, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\lib, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\sl, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\skin, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\defaults, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\defaults\preferences, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\lib, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\META-INF, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\modules, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\Plugins, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\defaults, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\defaults\preferences, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\userCode, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\locale, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\locale\en-US, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin, , [ca6be66f4635c076169e0f6c867c26da], Dateien: 468 PUP.Optional.Bandoo, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R3QFDR8.exe, , [af86d3823348a29438f844c6ab56956b], PUP.Adware.Agent, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R3U8Z1Z.exe, , [87ae65f0f18a7abc02c4ceab07f901ff], PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RBSZW5E.exe, , [68cd084d661556e0bad534ec8a77b749], PUP.Optional.Bandoo, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RLWHHGP.exe, , [2e07381db9c21323d060b45670918878], PUP.Optional.OneClickDownloader.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RMJ7LP7.exe, , [2a0b87ce2556d165a6e9320a4ab750b0], PUP.Optional.OneClickDownloader.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RCM5QY6.exe, , [6fc688cdd6a53afc4c43c379679ad62a], PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RSBA4FP.exe, , [b1847fd6b1ca8caa850a64bce31ea35d], PUP.Optional.Conduit.A, 
C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RGIH6S4.exe, , [bc7980d52e4dc47251a2a4a65da4e719], PUP.Optional.OneClickDownloader.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RVHCXO9.exe, , [4ee7e2734b3039fd632cc57734cd847c], PUP.Optional.OneClickDownloader.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RRFPNS5.exe, , [8ea784d18af101357817d567f809a25e], PUP.OfferBundler.ST, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RBIHTXA.exe, , [280de66f1c5fef47002ae5a6ee12ef11], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-codedownloader.exe, , [cd68eb6a4b300f274d6574c8f30e659b], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-bg.exe, , [db5a62f3d2a93600ae04b4886d947789], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-bho.dll, , [b18480d5cfac7cba278bf8442dd40000], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-bho64.dll, , [81b43a1b6b10b482cfe354e868999e62], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-buttonutil.exe, , [0233a4b138433cfaf0c263d998697888], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-buttonutil64.exe, , [9d98cd881764ca6c4d65e458be4345bb], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-chromeinstaller.exe, , [ec49490ce9920d297a3886b633cefb05], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-enabler.exe, , [3ef7aea7d7a4bf77e6ccf745ab5618e8], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-firefoxinstaller.exe, , 
[bf76b2a3502b48ee5959fb411ae7f010], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-updater.exe, , [191cb79e9ae167cf357d6bd1837e4bb5], PUP.Optional.TornTV.A, C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\utils.exe, , [38fd460f91eacb6b9787b9af61a0926e], PUP.Optional.Bundlore, C:\Users\coolelisa\AppData\Local\Temp\+4IMDpVw.exe.part, , [61d4a0b5e09bfd397ad180a1ec14cf31], PUP.Optional.Firseria, C:\Users\coolelisa\AppData\Local\Temp\nAxeIkPR.exe.part, , [56dfb2a37dfeb482bb2b700b0afa28d8], PUP.Optional.InstallCore, C:\Users\coolelisa\AppData\Local\Temp\ICReinstall_UltimateCodec.exe, , [bc7923321c5fa98d4b23da6d63a14db3], PUP.Optional.Bundlore, C:\Users\coolelisa\AppData\Local\Temp\ig1fQjFM.exe.part, , [3302c590bfbc67cf6be024fdf709d828], PUP.Optional.Firseria, C:\Users\coolelisa\AppData\Local\Temp\lrh3LrMp.exe.part, , [44f18dc8314a241240a60675a85c0af6], PUP.Optional.DomaIQ, C:\Users\coolelisa\AppData\Local\Temp\fFF3Ilt9.exe.part, , [1e17ca8b87f4d95df0c3120e41c037c9], PUP.Optional.InstallMonetizer, C:\Users\coolelisa\AppData\Local\Temp\ppviEROI.exe.part, , [65d0ff56e695bb7b40110029728fd52b], PUP.Optional.Bandoo, C:\Users\coolelisa\AppData\Local\Temp\QwI6G8Rg.exe.part, , [181dabaabcbfc96d5fd143c7cb36718f], PUP.Optional.Bundlore, C:\Users\coolelisa\AppData\Local\Temp\JCzgTQCk.exe.part, , [47eee174b2c96bcbd7ecae5728d9ee12], PUP.Optional.Iminent.A, C:\Users\coolelisa\AppData\Local\Temp\nsb454D.tmp\IminentSetup.exe, , [af86193cb1ca270f3b4b1c28ed14639d], PUP.Optional.ScramblePacker.A, C:\Users\coolelisa\AppData\Local\Temp\nsb454D.tmp\trtextsetup.exe, , [c4718acb94e788ae9887156727daf50b], PUP.Optional.InstallCore, C:\Users\coolelisa\Downloads\UltimateCodec.exe, , [81b457fe5d1e53e377f794b3ba4a9070], PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [41f48acbabd03105fc86b7e8f80a5ca4], PUP.Optional.Updater, C:\Users\coolelisa\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, , 
[5adb064fbebd3600ab3610954eb46f91], PUP.Optional.Updater, C:\Users\coolelisa\AppData\Roaming\DigitalSites\UpdateProc\config.dat, , [5adb064fbebd3600ab3610954eb46f91], PUP.Optional.Updater, C:\Users\coolelisa\AppData\Roaming\DigitalSites\UpdateProc\info.dat, , [5adb064fbebd3600ab3610954eb46f91], PUP.Optional.Updater, C:\Users\coolelisa\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, , [5adb064fbebd3600ab3610954eb46f91], PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job, , [b87df5609dde42f4d0b0c8dfd32fb64a], PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-codedownloader.job, , [2e078bca3b40092d94ec9b0c6999c43c], PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-enabler.job, , [37fe2431e497b97d4c341e894fb305fb], PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-firefoxinstaller.job, , [ba7b371ed4a7a2943b453c6bda2853ad], PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-updater.job, , [aa8b4c09097261d5bec2f7b013eff60a], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\bootstrap.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome.manifest, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\install.rdf, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\version.txt, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\BrowserContextMenuManager.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\ConduitAbstractionLayer.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\popup.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, 
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\popup.xul, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\popupTransparent.xul, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\popupWithChrome.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\popupWithChrome.xul, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\preferences.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\preferences.xul, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\toolbarOverlay.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\toolbarOverlay.xul, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tooltips.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\uninstallObserver.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\version.xul, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\backstage.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\al.backstage.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, 
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\al.view.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\aboutBox\aboutBox.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\aboutBox\images\truste.gif, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\aboutBox\images\x.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\aboutBox\js\aboutBox.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\appManager.controller.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\appManager.model.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\appManager.view.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\css\toolbar.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\ajax-loader.gif, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\buttonSprites.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\chevron_sprites.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, 
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\fallback24.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\loader-icon.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\menu_arrow.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\minibrowser.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\mp_sprites.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\separator.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\img\separator_hover.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ac\res\yoxscroll.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\api\toolbarapi.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\api\webAppApi.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\features\features.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\features\js\resources\webAppUtils.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, 
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\myStuffDialogs\excanvas.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\myStuffDialogs\trusted.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\myStuffDialogs\trusted.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\myStuffDialogs\untrusted.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\myStuffDialogs\untrusted.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\myStuffDialogs\untrusted.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\options.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\css\options.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\css\reset.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\images\ic_Closer_hover.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\images\minibrowser.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\images\x.png, , 
[4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\js\options.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\js\resources\html5shiv.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\options\js\resources\modernizr-1.7.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\js\searchProtectorManager.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\bubble.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\bubble.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\main.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images\information.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images\x-default-LTR.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images\x-default-RTL.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, 
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\searchProtectorSettingsDialog\main.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\searchProtectorSettingsDialog\SearchProtector.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\searchProtectorSettingsDialog\settings.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\searchProtectorSettingsDialog\images\ok-button.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\searchProtectorSettingsDialog\images\separation-line.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\searchProtector\searchProtectorSettingsDialog\images\warning.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\menus.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\popups.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, 
C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\ajax-loader.gif, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\DialogsAPI.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\excanvas.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\generalDialogStyle.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\PIE.htc, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\settings.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\version.txt, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\ftd\main.html, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.css, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.js, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\ftd\images\app-store-icon.png, , [4de8a4b1f487da5cb8da2d4942c008f8], PUP.Optional.Conduit.A, C:\Users\coolelisa\AppData\Local\Temp\ct2704262\chrome\CT2704262\content\tb\al\ui\dlg\ftd\images\arrow.png, , [4de8a4b1f487da5cb8da2d4942c008f8], 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\options.xul, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\platformVersion.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\search_dialog.xul, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\asyncDB.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\background.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\browserAction.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\contextMenu.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\dbManager.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\dom_bg.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\fileManager.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\firefox.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\firefoxNotifications.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\firefoxOmnibox.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\message.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\pageAction.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\request.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\tabs.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\webRequest.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\windowsMessagingHandler.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\addressBarChangeObserver.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\console.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\consts.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\delegate.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\extensionDataStore.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\folderIOWrapper.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\httpObserver.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\IDBWrapper.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\installer.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\logFile.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\prefs.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\progressListenerObserver.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\registry.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\reloadObserver.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\reports.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\requestObject.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\searchSettings.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\uninstallObserver.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\updateManager.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\utils.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\xhr.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\defaults\preferences\prefs.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\manifest.xml, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins.json, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\21_debug.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\4_jquery_1_7_1.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1000020_analytics.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1000025_analyticsFront.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1000030_mz.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\102_dealply_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\103_intext_5_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\104_jollywallet_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\123_intext_adv_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\13_CrossriderAppUtils.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\14_CrossriderUtils.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\155_ibario_pops_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\16_FFAppAPIWrapper.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\220_icm_base_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\223_imonomy_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\226_set_campaign_id_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\22_resources.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\244_engageya_inner_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\246_setup.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\260_pricedetect_sidebar_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\28_initializer.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\47_resources_background.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\175_coolmirage_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\177_crossriderDashboard.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\17_jQuery.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\180_bpo_serp_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\182_openUrl.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\183_tabsWrapper.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\190_pops_5_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\195_icm_convertmedia_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1_base.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\207_dbWrapper.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\64_appApiMessage.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\72_appApiValidation.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\78_CrossriderInfo.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\7_hooks.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\91_monetizationLoader.js.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\93_superfish_no_coupons_m.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\98_omniCommands.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\9_search_engine_hook.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\userCode\background.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\userCode\extension.js, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\locale\en-US\translations.dtd, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button1.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button2.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button3.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button4.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button5.png, , 
[ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\crossrider_statusbar.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon128.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon16.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon24.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon48.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\panelarrow-up.png, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\popup.html, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, 
C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\skin.css, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\update.css, , [ca6be66f4635c076169e0f6c867c26da], PUP.Optional.CrossRider.A, C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "144efef8896a7101eae2463cc5af2a8f"), ,[d65f2b2ad5a6b87e123f87fc5da7bc44] Physische Sektoren: 0 (No malicious items detected) (end)
Last edited by ajourmuster (24.05.2014 at 19:39) |
25.05.2014, 22:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3
Removing adware/junkware/toolbars
Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
28.05.2014, 21:19 | #5 |
| TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by coolelisa on 28.05.2014 at 21:57:55,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522132290}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220522132290}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2704262
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-sound-recorder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-sound-recorder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_free-sound-recorder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_free-sound-recorder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\coolelisa\AppData\Roaming\advanced system protector"
Successfully deleted: [Folder] "C:\Users\coolelisa\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\coolelisa\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\coolelisa\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ FireFox

Successfully deleted the following from C:\Users\coolelisa\AppData\Roaming\mozilla\firefox\profiles\x3zoul2n.default\prefs.js
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxp%3A//extclickmedia-maynemyltf.netdna-ss
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
user_pref("extensions.crossrider.bic", "144efef8896a7101eae2463cc5af2a8f");
Emptied folder: C:\Users\coolelisa\AppData\Roaming\mozilla\firefox\profiles\x3zoul2n.default\minidumps [319 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2014 at 22:08:53,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Logfile:
Code:
# AdwCleaner v3.211 - Bericht erstellt am 28/05/2014 um 22:12:58
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : coolelisa - LISALAPTOP
# Gestartet von : C:\Users\coolelisa\Downloads\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\COOLEL~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\coolelisa\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\coolelisa\AppData\Roaming\DigitalSites
Datei Gelöscht : C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\GoogleFeed.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\prefs.js ]

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qh4tbvnb.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2193 octets] - [28/05/2014 22:11:51]
AdwCleaner[S0].txt - [2064 octets] - [28/05/2014 22:12:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2124 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by coolelisa (administrator) on LISALAPTOP on 28-05-2014 22:18:19
Running from C:\Users\coolelisa\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(ArcSoft, Inc.) C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Dropbox, Inc.) C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1126400 2012-04-12] (Sphinx Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1077328 2011-02-14] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1325642598-3495664763-1817961077-1001\...\Run: [YouTube Mini] => C:\Program Files (x86)\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe
HKU\S-1-5-21-1325642598-3495664763-1817961077-1001\...\Run: [AdobeBridge] => [X]
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landing.savetubevideo.com/index.php?from=3
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2877A654-1C9F-4cb5-8438-16022B2FDD9C} URL = hxxp://www.landing.savetubevideo.com/results.php?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{B2617033-4097-4E6F-99FE-2A8DC49AFC1D}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://www.spiegel.de/
FF Keyword.URL: hxxp://www.landing.savetubevideo.com/results.php?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-15]
FF Extension: Unity Converter Free - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{6d514d26-0752-4828-a9e2-0ea000b75dd6}.xpi [2014-05-21]
FF Extension: {9d374d97-b968-496d-bc9a-136038834261} - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{9d374d97-b968-496d-bc9a-136038834261}.xpi [2014-05-17]
FF Extension: Adblock Plus - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-09]

==================== Services (Whitelisted) =================

R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [760320 2012-04-12] (Sphinx Software)

==================== Drivers (Whitelisted) ====================

====================
NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 22:18 - 2014-05-28 22:18 - 00011759 _____ () C:\Users\coolelisa\Downloads\FRST.txt 2014-05-28 22:18 - 2014-05-28 22:18 - 00000000 ____D () C:\Users\coolelisa\Downloads\FRST-OlderVersion 2014-05-28 22:14 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-05-28 22:11 - 2014-05-28 22:13 - 00000000 ____D () C:\AdwCleaner 2014-05-28 21:57 - 2014-05-28 21:57 - 00000000 ____D () C:\Windows\ERUNT 2014-05-28 21:56 - 2014-05-28 21:56 - 01327971 _____ () C:\Users\coolelisa\Downloads\adwcleaner_3.211.exe 2014-05-28 21:55 - 2014-05-28 21:55 - 01016261 _____ (Thisisu) C:\Users\coolelisa\Downloads\JRT.exe 2014-05-25 19:19 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-05-25 19:13 - 2014-05-25 19:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-25 19:13 - 2014-05-25 19:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-25 19:12 - 2014-05-25 19:12 - 
02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-25 19:12 - 2014-05-25 19:12 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-25 19:12 - 2014-05-25 19:12 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-25 19:12 - 2014-05-25 19:12 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235520 _____ (Microsoft Corporation) 
C:\Windows\system32\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 
2014-05-25 19:12 - 2014-05-25 19:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00032768 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-24 19:01 - 2014-05-24 19:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-24 19:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-24 19:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-24 19:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-24 18:59 - 2014-05-24 18:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\coolelisa\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-18 22:28 - 2014-05-18 22:28 - 00380416 _____ () C:\Users\coolelisa\Downloads\Gmer-19357.exe 2014-05-18 22:19 - 2014-05-28 22:18 - 02066944 _____ (Farbar) C:\Users\coolelisa\Downloads\FRST64.exe 2014-05-18 22:19 - 2014-05-28 22:18 - 00000000 ____D () C:\FRST 2014-05-18 22:14 - 2014-05-18 22:14 - 00050477 _____ () 
C:\Users\coolelisa\Downloads\Defogger.exe 2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 _____ () C:\Users\coolelisa\defogger_reenable 2014-05-18 22:05 - 2014-05-18 22:05 - 00001996 _____ () C:\Windows\unins000.dat 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\LavFilters 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\CDXReader 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\DivX 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Haali 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DSP-worx 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub 2014-05-18 22:05 - 2014-05-18 22:04 - 00715038 _____ () C:\Windows\unins000.exe 2014-05-18 22:05 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll 2014-05-18 22:05 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll 2014-05-18 22:05 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2014-05-18 22:05 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2014-05-18 22:04 - 2014-05-18 22:04 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video 
Splitter 2014-05-18 21:06 - 2014-05-18 21:06 - 05255978 _____ () C:\Users\coolelisa\Downloads\WP 2020 Stand 2014-05-13 Kopie.zip 2014-05-16 01:03 - 2014-05-16 01:03 - 00000000 ____D () C:\0e665f10d1af54ce4a8e86d9ab0aa5 2014-05-15 15:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 15:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 15:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 15:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 15:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 15:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 15:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 15:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 15:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 15:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 15:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 15:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 15:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 15:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 15:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 15:37 - 
2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 15:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 15:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 15:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 15:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 15:37 - 
2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 15:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 18:57 - 2014-05-28 22:15 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\DropboxMaster 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Windows Live Writer 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\Windows Live Writer 2014-05-13 11:10 - 2014-05-13 11:10 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\CrashDumps 2014-05-11 12:57 - 2014-05-11 13:22 - 00000000 ____D () C:\NPE 2014-05-11 12:48 - 2014-05-11 13:26 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\NPE 2014-05-11 12:48 - 2014-05-11 12:48 - 03081712 ____N (Symantec Corporation) C:\Users\coolelisa\Downloads\NPE.exe 2014-05-11 12:48 - 2014-05-11 12:48 - 00000000 ____D () C:\ProgramData\Norton 2014-05-11 12:41 - 
2014-05-11 12:41 - 00629584 _____ (Chip Digital GmbH) C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe 2014-05-08 10:54 - 2014-05-18 22:29 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-28 22:20 - 2014-05-28 22:18 - 00011759 _____ () C:\Users\coolelisa\Downloads\FRST.txt 2014-05-28 22:18 - 2014-05-28 22:18 - 00000000 ____D () C:\Users\coolelisa\Downloads\FRST-OlderVersion 2014-05-28 22:18 - 2014-05-18 22:19 - 02066944 _____ (Farbar) C:\Users\coolelisa\Downloads\FRST64.exe 2014-05-28 22:18 - 2014-05-18 22:19 - 00000000 ____D () C:\FRST 2014-05-28 22:15 - 2014-05-14 18:57 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\DropboxMaster 2014-05-28 22:15 - 2013-02-26 17:48 - 00000000 ___RD () C:\Users\coolelisa\Dropbox 2014-05-28 22:15 - 2012-10-31 18:17 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Dropbox 2014-05-28 22:14 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-05-28 22:13 - 2014-05-28 22:11 - 00000000 ____D () C:\AdwCleaner 2014-05-28 22:13 - 2011-03-29 03:18 - 01435848 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 22:13 - 2011-03-29 03:14 - 00372360 _____ () C:\Windows\PFRO.log 2014-05-28 22:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 22:13 - 2009-07-14 06:51 - 00122677 _____ () C:\Windows\setupact.log 2014-05-28 22:12 - 2011-08-19 12:38 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\SoftGrid Client 2014-05-28 21:57 - 2014-05-28 21:57 - 00000000 ____D () C:\Windows\ERUNT 2014-05-28 21:56 - 2014-05-28 21:56 - 01327971 _____ () C:\Users\coolelisa\Downloads\adwcleaner_3.211.exe 2014-05-28 21:55 - 2014-05-28 21:55 - 01016261 _____ (Thisisu) C:\Users\coolelisa\Downloads\JRT.exe 2014-05-28 21:37 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-28 21:37 - 2009-07-14 06:45 - 00009696 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-25 23:34 - 2011-03-29 13:09 - 00714926 _____ () C:\Windows\system32\perfh007.dat 2014-05-25 23:34 - 2011-03-29 13:09 - 00154720 _____ () C:\Windows\system32\perfc007.dat 2014-05-25 23:34 - 2009-07-14 07:13 - 01651216 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-25 22:00 - 2011-08-18 13:58 - 00001429 _____ () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-25 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-25 19:19 - 2013-11-28 11:46 - 00571220 _____ () C:\Windows\IE11_main.log 2014-05-25 19:13 - 2014-05-25 19:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-25 19:13 - 2014-05-25 19:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-25 19:12 - 2014-05-25 19:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-25 19:12 - 2014-05-25 19:12 - 02332160 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-25 19:12 - 2014-05-25 19:12 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-25 19:12 - 2014-05-25 19:12 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00610304 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-05-25 
19:12 - 2014-05-25 19:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 
00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 
19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 
2014-05-25 19:12 - 2014-05-25 19:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-24 19:05 - 2014-05-24 19:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-24 18:59 - 2014-05-24 18:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\coolelisa\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-24 18:34 - 2012-11-24 15:37 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 18:34 - 2012-11-24 15:30 - 00002360 _____ () C:\Windows\wininit.ini 2014-05-24 18:34 - 2011-08-18 13:58 - 00000000 ___RD () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 18:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-18 22:33 - 2011-08-18 13:58 - 00000000 ___RD () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-18 22:29 - 2014-05-08 10:54 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-18 22:28 - 2014-05-18 22:28 - 00380416 _____ () C:\Users\coolelisa\Downloads\Gmer-19357.exe 2014-05-18 22:14 - 2014-05-18 22:14 - 00050477 _____ () C:\Users\coolelisa\Downloads\Defogger.exe 
2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 _____ () C:\Users\coolelisa\defogger_reenable 2014-05-18 22:14 - 2011-08-18 13:58 - 00000000 ____D () C:\Users\coolelisa 2014-05-18 22:05 - 2014-05-18 22:05 - 00001996 _____ () C:\Windows\unins000.dat 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\LavFilters 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\CDXReader 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\DivX 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Haali 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DSP-worx 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub 2014-05-18 22:04 - 2014-05-18 22:05 - 00715038 _____ () C:\Windows\unins000.exe 2014-05-18 22:04 - 2014-05-18 22:04 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter 2014-05-18 21:06 - 2014-05-18 21:06 - 05255978 _____ () C:\Users\coolelisa\Downloads\WP 2020 Stand 2014-05-13 Kopie.zip 2014-05-16 01:03 - 2014-05-16 01:03 - 00000000 ____D () C:\0e665f10d1af54ce4a8e86d9ab0aa5 2014-05-16 01:03 - 2013-08-20 00:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-16 01:03 - 
2012-06-24 10:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 21:26 - 2012-11-13 22:31 - 00000000 ____D () C:\Users\coolelisa\Documents\HfK 2014-05-15 11:36 - 2013-07-14 15:30 - 00000000 ____D () C:\Users\coolelisa\Documents\Telekom 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Windows Live Writer 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\Windows Live Writer 2014-05-13 11:10 - 2014-05-13 11:10 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\CrashDumps 2014-05-12 07:26 - 2014-05-24 19:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-24 19:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-24 19:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 13:26 - 2014-05-11 12:48 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\NPE 2014-05-11 13:22 - 2014-05-11 12:57 - 00000000 ____D () C:\NPE 2014-05-11 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-11 12:48 - 2014-05-11 12:48 - 03081712 ____N (Symantec Corporation) C:\Users\coolelisa\Downloads\NPE.exe 2014-05-11 12:48 - 2014-05-11 12:48 - 00000000 ____D () C:\ProgramData\Norton 2014-05-11 12:41 - 2014-05-11 12:41 - 00629584 _____ (Chip Digital GmbH) C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe 2014-05-10 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-10 13:59 - 2013-06-24 00:03 - 00000000 ____D () C:\Users\coolelisa\Documents\Schriften 2014-05-10 13:47 - 2012-07-09 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 15:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 15:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 
Some content of TEMP:
====================
C:\Users\coolelisa\AppData\Local\Temp\AskSLib.dll
C:\Users\coolelisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfl1ama.dll
C:\Users\coolelisa\AppData\Local\Temp\ffunzip.exe
C:\Users\coolelisa\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_3.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_4.exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aih(1).exe
C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\install_reader11_de_mssd_aih(1).exe
C:\Users\coolelisa\AppData\Local\Temp\install_reader11_de_mssd_aih.exe
C:\Users\coolelisa\AppData\Local\Temp\MSN69EB.exe
C:\Users\coolelisa\AppData\Local\Temp\Quarantine.exe
C:\Users\coolelisa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\coolelisa\AppData\Local\Temp\tbFre0.dll
C:\Users\coolelisa\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-10 19:49

==================== End Of Log ============================
--- --- ---
Edited by ajourmuster (28.05.2014 at 21:25) |
28.05.2014, 22:55 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3
Please also create a new Addition.txt. Tick the box for Addition.txt, then click Scan.
29.05.2014, 16:29 | #7 |
| TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3
FRST Logfile: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by coolelisa (administrator) on LISALAPTOP on 29-05-2014 16:44:04
Running from C:\Users\coolelisa\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(ArcSoft, Inc.) C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Dropbox, Inc.) C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1126400 2012-04-12] (Sphinx Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1077328 2011-02-14] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1325642598-3495664763-1817961077-1001\...\Run: [YouTube Mini] => C:\Program Files (x86)\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe
HKU\S-1-5-21-1325642598-3495664763-1817961077-1001\...\Run: [AdobeBridge] => [X]
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landing.savetubevideo.com/index.php?from=3
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2877A654-1C9F-4cb5-8438-16022B2FDD9C} URL = hxxp://www.landing.savetubevideo.com/results.php?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{B2617033-4097-4E6F-99FE-2A8DC49AFC1D}: [NameServer]8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Ecosia FF Homepage: hxxp://www.spiegel.de/ FF Keyword.URL: hxxp://www.landing.savetubevideo.com/results.php?q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-15] FF Extension: Unity Converter Free - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{6d514d26-0752-4828-a9e2-0ea000b75dd6}.xpi [2014-05-21] FF Extension: {9d374d97-b968-496d-bc9a-136038834261} - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{9d374d97-b968-496d-bc9a-136038834261}.xpi [2014-05-17] FF Extension: Adblock Plus - C:\Users\coolelisa\AppData\Roaming\Mozilla\Firefox\Profiles\x3zoul2n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-09] ==================== Services (Whitelisted) ================= R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [760320 2012-04-12] (Sphinx Software) ==================== Drivers (Whitelisted) ==================== ==================== 
NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 16:44 - 2014-05-29 16:44 - 00011666 _____ () C:\Users\coolelisa\Downloads\FRST.txt 2014-05-28 23:11 - 2014-05-08 09:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 23:11 - 2014-05-08 08:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 23:11 - 2014-05-08 07:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-28 23:11 - 2014-05-08 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-28 23:11 - 2014-05-08 06:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 23:11 - 2014-05-08 06:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-28 23:10 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 23:10 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-28 22:18 - 2014-05-28 22:18 - 00000000 ____D () C:\Users\coolelisa\Downloads\FRST-OlderVersion 2014-05-28 22:14 - 2014-05-29 15:30 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-05-28 22:11 - 2014-05-28 22:13 - 00000000 ____D () C:\AdwCleaner 2014-05-28 21:57 - 2014-05-28 21:57 - 00000000 ____D () C:\Windows\ERUNT 2014-05-28 21:56 - 2014-05-28 21:56 - 01327971 _____ () C:\Users\coolelisa\Downloads\adwcleaner_3.211.exe 2014-05-28 21:55 - 2014-05-28 21:55 - 01016261 _____ (Thisisu) C:\Users\coolelisa\Downloads\JRT.exe 2014-05-28 21:42 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-28 21:42 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 21:42 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-28 21:42 - 2014-03-01 06:40 - 
00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-28 21:42 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-28 21:42 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-28 21:42 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-28 21:42 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-28 21:42 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-28 21:42 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 21:42 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-28 21:42 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-28 21:42 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-28 21:42 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-28 21:42 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-28 21:42 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 21:42 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-28 21:41 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-28 21:41 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 21:41 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 21:41 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 21:41 - 2014-03-01 06:33 - 00111616 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-28 21:41 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-28 21:41 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-28 21:41 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-28 21:41 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-28 21:41 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 21:41 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-28 21:41 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 21:41 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 21:41 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-28 21:41 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-28 21:41 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 21:41 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-28 21:41 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-28 21:41 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-25 19:19 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-05-25 19:13 - 2014-05-25 19:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01051136 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235008 _____ (Microsoft Corporation) 
C:\Windows\system32\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) 
C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00036352 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-24 19:01 - 2014-05-24 19:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-24 19:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-24 19:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-24 19:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-24 18:59 - 2014-05-24 18:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\coolelisa\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-18 22:28 - 2014-05-18 22:28 - 00380416 _____ () C:\Users\coolelisa\Downloads\Gmer-19357.exe 2014-05-18 22:19 - 2014-05-29 16:44 - 00000000 ____D () C:\FRST 2014-05-18 22:19 - 2014-05-28 22:18 - 02066944 _____ (Farbar) C:\Users\coolelisa\Downloads\FRST64.exe 2014-05-18 22:14 - 2014-05-18 22:14 - 00050477 _____ () 
C:\Users\coolelisa\Downloads\Defogger.exe 2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 _____ () C:\Users\coolelisa\defogger_reenable 2014-05-18 22:05 - 2014-05-18 22:05 - 00001996 _____ () C:\Windows\unins000.dat 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\LavFilters 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\CDXReader 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\DivX 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Haali 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DSP-worx 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub 2014-05-18 22:05 - 2014-05-18 22:04 - 00715038 _____ () C:\Windows\unins000.exe 2014-05-18 22:05 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll 2014-05-18 22:05 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll 2014-05-18 22:05 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2014-05-18 22:05 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2014-05-18 22:04 - 2014-05-18 22:04 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video 
Splitter 2014-05-18 21:06 - 2014-05-18 21:06 - 05255978 _____ () C:\Users\coolelisa\Downloads\WP 2020 Stand 2014-05-13 Kopie.zip 2014-05-16 01:03 - 2014-05-16 01:03 - 00000000 ____D () C:\0e665f10d1af54ce4a8e86d9ab0aa5 2014-05-15 15:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 15:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 15:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 15:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 15:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 15:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 15:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 15:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 15:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 15:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 15:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 15:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 15:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 15:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 15:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 15:37 - 
2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 15:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 15:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 15:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 15:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 15:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 15:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 15:37 - 
2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 15:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 15:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 18:57 - 2014-05-29 15:30 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\DropboxMaster 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Windows Live Writer 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\Windows Live Writer 2014-05-13 11:10 - 2014-05-13 11:10 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\CrashDumps 2014-05-11 12:57 - 2014-05-11 13:22 - 00000000 ____D () C:\NPE 2014-05-11 12:48 - 2014-05-11 13:26 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\NPE 2014-05-11 12:48 - 2014-05-11 12:48 - 03081712 ____N (Symantec Corporation) C:\Users\coolelisa\Downloads\NPE.exe 2014-05-11 12:48 - 2014-05-11 12:48 - 00000000 ____D () C:\ProgramData\Norton 2014-05-11 12:41 - 
2014-05-11 12:41 - 00629584 _____ (Chip Digital GmbH) C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe 2014-05-08 10:54 - 2014-05-18 22:29 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-29 16:44 - 2014-05-29 16:44 - 00011666 _____ () C:\Users\coolelisa\Downloads\FRST.txt 2014-05-29 16:44 - 2014-05-18 22:19 - 00000000 ____D () C:\FRST 2014-05-29 16:15 - 2011-03-29 03:18 - 01496933 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 15:34 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-29 15:34 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-29 15:30 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-05-29 15:30 - 2014-05-14 18:57 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\DropboxMaster 2014-05-29 15:30 - 2013-02-26 17:48 - 00000000 ___RD () C:\Users\coolelisa\Dropbox 2014-05-29 15:30 - 2012-10-31 18:17 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Dropbox 2014-05-29 15:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-29 15:29 - 2009-07-14 06:51 - 00122789 _____ () C:\Windows\setupact.log 2014-05-28 23:09 - 2012-11-13 22:31 - 00000000 ____D () C:\Users\coolelisa\Documents\HfK 2014-05-28 22:18 - 2014-05-28 22:18 - 00000000 ____D () C:\Users\coolelisa\Downloads\FRST-OlderVersion 2014-05-28 22:18 - 2014-05-18 22:19 - 02066944 _____ (Farbar) C:\Users\coolelisa\Downloads\FRST64.exe 2014-05-28 22:13 - 2014-05-28 22:11 - 00000000 ____D () C:\AdwCleaner 2014-05-28 22:13 - 2011-03-29 03:14 - 00372360 _____ () C:\Windows\PFRO.log 2014-05-28 22:12 - 2011-08-19 12:38 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\SoftGrid Client 2014-05-28 21:57 - 2014-05-28 21:57 - 00000000 ____D () C:\Windows\ERUNT 2014-05-28 
21:56 - 2014-05-28 21:56 - 01327971 _____ () C:\Users\coolelisa\Downloads\adwcleaner_3.211.exe 2014-05-28 21:55 - 2014-05-28 21:55 - 01016261 _____ (Thisisu) C:\Users\coolelisa\Downloads\JRT.exe 2014-05-25 23:34 - 2011-03-29 13:09 - 00714926 _____ () C:\Windows\system32\perfh007.dat 2014-05-25 23:34 - 2011-03-29 13:09 - 00154720 _____ () C:\Windows\system32\perfc007.dat 2014-05-25 23:34 - 2009-07-14 07:13 - 01651216 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-25 22:00 - 2011-08-18 13:58 - 00001429 _____ () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-25 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-25 19:19 - 2013-11-28 11:46 - 00571220 _____ () C:\Windows\IE11_main.log 2014-05-25 19:13 - 2014-05-25 19:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-25 19:12 - 2014-05-25 19:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 
2014-05-25 19:12 - 2014-05-25 19:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-05-25 19:12 - 2014-05-25 19:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 
00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-05-25 19:12 - 2014-05-25 19:12 - 
00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-05-25 19:12 - 2014-05-25 19:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-25 19:12 - 2014-05-25 19:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-24 19:05 - 2014-05-24 19:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 
2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-24 19:01 - 2014-05-24 19:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-24 18:59 - 2014-05-24 18:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\coolelisa\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-24 18:34 - 2012-11-24 15:37 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 18:34 - 2012-11-24 15:30 - 00002360 _____ () C:\Windows\wininit.ini 2014-05-24 18:34 - 2011-08-18 13:58 - 00000000 ___RD () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 18:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-18 22:33 - 2011-08-18 13:58 - 00000000 ___RD () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-18 22:29 - 2014-05-08 10:54 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-18 22:28 - 2014-05-18 22:28 - 00380416 _____ () C:\Users\coolelisa\Downloads\Gmer-19357.exe 2014-05-18 22:14 - 2014-05-18 22:14 - 00050477 _____ () C:\Users\coolelisa\Downloads\Defogger.exe 2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 _____ () C:\Users\coolelisa\defogger_reenable 2014-05-18 22:14 - 2011-08-18 13:58 - 00000000 ____D () C:\Users\coolelisa 2014-05-18 22:05 - 2014-05-18 22:05 - 00001996 _____ () C:\Windows\unins000.dat 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\LavFilters 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\CDXReader 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\ProgramData\DivX 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Haali 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DSP-worx 2014-05-18 22:05 - 2014-05-18 22:05 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub 2014-05-18 22:04 - 2014-05-18 22:05 - 00715038 _____ () C:\Windows\unins000.exe 2014-05-18 22:04 - 2014-05-18 22:04 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter 2014-05-18 21:06 - 2014-05-18 21:06 - 05255978 _____ () C:\Users\coolelisa\Downloads\WP 2020 Stand 2014-05-13 Kopie.zip 2014-05-16 01:03 - 2014-05-16 01:03 - 00000000 ____D () C:\0e665f10d1af54ce4a8e86d9ab0aa5 2014-05-16 01:03 - 2013-08-20 00:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-16 01:03 - 2012-06-24 10:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 11:36 - 2013-07-14 15:30 - 00000000 ____D () C:\Users\coolelisa\Documents\Telekom 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Roaming\Windows Live Writer 2014-05-13 23:52 - 2014-05-13 23:52 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\Windows Live Writer 2014-05-13 11:10 - 2014-05-13 11:10 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\CrashDumps 2014-05-12 07:26 - 2014-05-24 19:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-24 19:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-24 19:01 - 00025816 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 13:26 - 2014-05-11 12:48 - 00000000 ____D () C:\Users\coolelisa\AppData\Local\NPE 2014-05-11 13:22 - 2014-05-11 12:57 - 00000000 ____D () C:\NPE 2014-05-11 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-11 12:48 - 2014-05-11 12:48 - 03081712 ____N (Symantec Corporation) C:\Users\coolelisa\Downloads\NPE.exe 2014-05-11 12:48 - 2014-05-11 12:48 - 00000000 ____D () C:\ProgramData\Norton 2014-05-11 12:41 - 2014-05-11 12:41 - 00629584 _____ (Chip Digital GmbH) C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe 2014-05-10 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-10 13:59 - 2013-06-24 00:03 - 00000000 ____D () C:\Users\coolelisa\Documents\Schriften 2014-05-10 13:47 - 2012-07-09 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 15:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 15:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 09:14 - 2014-05-28 23:11 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-08 08:37 - 2014-05-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-08 07:52 - 2014-05-28 23:11 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-08 07:27 - 2014-05-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-08 06:57 - 2014-05-28 23:11 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-08 06:04 - 2014-05-28 23:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\coolelisa\AppData\Local\Temp\AskSLib.dll C:\Users\coolelisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt4el4q.dll 
C:\Users\coolelisa\AppData\Local\Temp\ffunzip.exe C:\Users\coolelisa\AppData\Local\Temp\ICReinstall_ZipSetup.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_3.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_4.exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aih(1).exe C:\Users\coolelisa\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe C:\Users\coolelisa\AppData\Local\Temp\install_reader11_de_mssd_aih(1).exe C:\Users\coolelisa\AppData\Local\Temp\install_reader11_de_mssd_aih.exe C:\Users\coolelisa\AppData\Local\Temp\MSN69EB.exe C:\Users\coolelisa\AppData\Local\Temp\Quarantine.exe C:\Users\coolelisa\AppData\Local\Temp\SkypeSetup.exe C:\Users\coolelisa\AppData\Local\Temp\tbFre0.dll C:\Users\coolelisa\AppData\Local\Temp\WZCPlugin_VISTA.exe C:\Users\Gast\AppData\Local\Temp\AskSLib.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 19:49 ==================== End 
Of Log ============================ |
29.05.2014, 19:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3 Unfortunately the Additions.txt logfile is still missing
__________________ Please always post logfiles in CODE tags |
29.05.2014, 22:53 | #9 |
| TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3 Oh shit, posted the wrong one, sorry. FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02 Ran by coolelisa at 2014-05-29 16:46:06 Running from C:\Users\coolelisa\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1324 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1324 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3004 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) ArcSoft TotalMedia 3 (HKLM-x32\...\{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}) (Version: - ArcSoft) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.52.0.50 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - ) DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - ) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2287 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) 
Hidden Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.1s1 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden 
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - ) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.) SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - ) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) Torntv V9.0 (HKLM-x32\...\Torntv V9.0) (Version: 1.34.3.6 - installdaddy) <==== ATTENTION Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) 
Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows7FirewallControl (x64) 5.0.0.15 (HKLM\...\Windows7FirewallControl_is1) (Version: 5.0.0.15 - Sphinx Software) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 15-05-2014 23:01:29 Windows Update 17-05-2014 11:29:02 Windows Update 18-05-2014 19:05:55 Windows Update 21-05-2014 08:25:10 Windows Update 24-05-2014 16:37:18 Windows Update 25-05-2014 17:08:41 Windows Update 28-05-2014 21:10:12 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {7A5E08D7-43F8-4883-AB27-033F65C483FE} - \Digital Sites No Task File <==== ATTENTION Task: {9266A4C1-245C-4C9C-9D99-DAD4A4B8C03F} - \Advanced System Protector No Task File <==== ATTENTION Task: {E71D85BA-978C-4430-8952-6805FFDA8A7B} - System32\Tasks\{C737E961-0B01-4312-B03C-5EDBCCCBA65D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.2.0.106&LastError=12029 Task: {E8ED70C3-042A-4358-88C5-1A17C5F5EA64} - System32\Tasks\AdobeAAMUpdater-1.0-LisaLaptop-coolelisa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) ==================== 
Loaded Modules (whitelisted) ============= 2011-03-16 06:19 - 2011-01-20 04:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-01-30 19:16 - 2005-08-05 17:24 - 00028672 _____ () C:\Program Files (x86)\MSI\ArcSoft\TotalMedia\uPiApi.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2014-05-29 15:30 - 2014-05-29 15:30 - 00043008 _____ () C:\Users\coolelisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt4el4q.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\coolelisa\AppData\Roaming\Dropbox\bin\libcef.dll 2011-01-17 17:19 - 2012-01-03 16:55 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-07-09 22:13 - 2014-05-10 13:47 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-29 20:55 - 2013-09-29 20:55 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll 2014-02-17 22:53 - 2014-02-17 22:53 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll 2011-03-16 05:57 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== System errors: ============= Error: (05/29/2014 03:31:16 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (05/29/2014 03:31:16 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/ Error: (05/29/2014 03:31:16 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (05/29/2014 03:31:16 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/ Error: (05/28/2014 10:15:26 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (05/28/2014 10:15:26 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/ Error: (05/28/2014 10:15:26 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (05/28/2014 10:15:26 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/ Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 3947.86 MB Available physical RAM: 2083.18 MB Total Pagefile: 7893.9 MB Available Pagefile: 5960.02 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:231.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8764BBC) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
30.05.2014, 13:19 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3 Okay, then please run follow-up scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
12.06.2014, 22:58 | #11 |
| TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3 mbam scan Code:
ATTFilter Suchlauf Datum: 05.06.2014 Suchlauf-Zeit: 13:27:08 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.05.05 Rootkit Datenbank: v2014.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: coolelisa Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 326348 Verstrichene Zeit: 20 Min, 38 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ESETSmartInstaller@High as downloader log: Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log: all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=7e5c90efbe07c4498ad08d885eecefcc
# engine=18573
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 02:20:26
# local_time=2014-06-05 04:20:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 60686 153607876 0 0
# scanned=158958
# found=15
# cleaned=0
# scan_time=7520
sh=BDFC5765CE635A44A44A203BC66917FA6F6A90CF ft=1 fh=c71c0011fa52db3c vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$RWL8KC1.exe"
sh=E08EC9E551CD6873CFD6F439AA63B5923DE41DC2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\51390.crx"
sh=FA99701AB941BCE737B89CCB9187D9A87FBE12D6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\51390.xpi"
sh=A19A27B7679BC62F3DECF581F49F4A0607D871CC ft=1 fh=c71c0011c30048ca vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-buttonutil.dll"
sh=DCD92EE98078F61EF0F48E6E54FF53170E47C800 ft=1 fh=c71c00112eab44a0 vn="möglicherweise Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1325642598-3495664763-1817961077-1001\$R21TH2Y.0\Torntv V9.0-buttonutil64.dll"
sh=DAE3B80A567AA739FA54D4C896A2CFE0F9718180 ft=1 fh=09c2f22f47670a60 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\COOLEL~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=B4267CC9FBAA1133921BBF40835E07DAA481E025 ft=1 fh=39d86043333a1074 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHMWR4E7\tbedrs[1].dll"
sh=BDFC5765CE635A44A44A203BC66917FA6F6A90CF ft=1 fh=c71c0011fa52db3c vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\AppData\Local\Temp\ICReinstall_ZipSetup.exe"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\AppData\Local\Temp\tbFre0.dll"
sh=1198E362C0504B2A3B13C48A3FB1FD392CD961F2 ft=1 fh=f811da979eb359e7 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726832_stp\May7www.sweet-page.com.exe"
sh=20908C1205359A8545F570772106F6D72F666AC3 ft=1 fh=e61b6c9d961e4263 vn="Win32/Systweak.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726885_stp\rcpsetup_adppi15_adppi15.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\AppData\Local\Temp\is357113909\3726887_stp\uninstaller.exe"
sh=21DCC3FFFA5AC0EBDFB59D67496AB307709BBE7D ft=1 fh=9d5122560d19b03e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\coolelisa\Downloads\Norton Power Eraser - CHIP-Downloader.exe"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\LocalLow\FreeSoundRecorder\tbFree.dll" |
13.06.2014, 11:24 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3
A few leftovers.

TFC - Temp File Cleaner
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.

Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. That is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie).

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
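As an added example (not part of the original thread and not ESET's or Trojaner-Board's code), the following Python sketch parses ESET Online Scanner entries in the `sh= ft= fh= vn= ac= fn=` layout posted above and groups each detection by where the file sits, which makes it easy to see how much of a result is residue in the recycle bin, a quarantine folder or temp/cache directories. The bucket names, the path patterns and the sample entries (hashes, detection names, paths) are assumptions constructed for this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET log above; hashes, names and
# paths are invented. Entry 2 carries a stray line break, as in flattened posts.
SAMPLE = r'''# scanned=1000
# found=4
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Variante von Win32/ExampleCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1-2-3-1001\$RABC123.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/ExampleBar.B evtl.
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user\AppData\Local\Temp\x.exe.vir" sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/ExampleBar.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Temp\tb0.dll"
sh=4444444444444444444444444444444444444444 ft=1 fh=dddddddddddddddd vn="Win32/Example.D Trojaner" ac=I fn="C:\Users\user\AppData\Roaming\app\run.exe"
'''

ENTRY = re.compile(
    r'sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"')

# Hypothetical triage buckets, checked in order: a quarantined copy keeps its
# original path inside the quarantine folder, so quarantine must win over temp.
BUCKETS = [
    ("quarantine", ("\\adwcleaner\\quarantine\\",)),
    ("recycle_bin", ("\\$recycle.bin\\",)),
    ("temp_or_cache", ("\\appdata\\local\\temp\\", "\\temporary internet files\\")),
]

def bucket(path):
    p = path.lower()
    for name, needles in BUCKETS:
        if any(n in p for n in needles):
            return name
    return "review"  # anywhere else: look at the file by hand

def parse_detections(text):
    out = []
    for m in ENTRY.finditer(text):  # works on flattened or line-broken logs
        d = m.groupdict()
        d["vn"] = " ".join(d["vn"].split())  # undo stray line breaks
        d["pua"] = d["vn"].endswith("unerwünschte Anwendung")
        d["bucket"] = bucket(d["fn"])
        out.append(d)
    return out

def summarize(text):
    dets = parse_detections(text)
    found = re.search(r'#\s*found=(\d+)', text)
    return {"parsed": len(dets),
            "header_found": int(found.group(1)) if found else None,
            "by_bucket": Counter(d["bucket"] for d in dets),
            "non_pua": [d["fn"] for d in dets if not d["pua"]]}
```

Comparing `parsed` with `header_found` shows whether entries were lost when the log was pasted; anything in the `review` bucket or in `non_pua` is what deserves a closer look.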
14.06.2014, 12:20 | #13 |
| TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3
A THOUSAND THANKS! I think everything is working normally again. Do I still need an antivirus program now? And was all of that just "malware" stuff, or viruses/Trojans too? For the cookie issue, is it enough if I select "Keep cookies until Firefox is closed", or should I also select "clear the entire history"? |
14.06.2014, 16:49 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Trojan and HTML/ExpKit.Gen3
Antivirus programs

Then we're done! If you would still like to share praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and to scan for malware with it weekly. delfix can help you with that: The order is crucial here.

Finally, please check the updates; my guide is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de
All plugins in the Firefox browser can also easily be checked for being up to date here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |