Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avast - ....durch eine gruppenrichtlinie blockiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.08.2014, 13:17   #1
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Hallo zusammen,

ich habe ein Problem, bei dem ich langsam nicht mehr weiter komme.
Beim Versuch Avast zu Starten, erhalte ich folgende Meldung: dieses Programm wurde durch eine gruppenrichtlinie blockiert und lässt sich weder starten noch deinstallieren.
Ich habe nun eine vielzahl von Antivirentools durchlaufen lassen, bis auf ein paar Kleinigkeiten hab ich aber nicht wirklich was gefunden.
Problem mit der Richtlinie besteht weiterhin, daher nehme ich an, dass noch nicht alles gesäubert ist.

Über ein wenig Hilfe würde ich mich freuen.

Alt 12.08.2014, 13:21   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 12.08.2014, 19:30   #3
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Danke für Deine schnelle Antwort. Ich war tagsüber am arbeiten, daher konnte ich es erst jetzt durchführen.

Wie man sieht, habe ich aktuell 2 Virenscanner. Ursprünglich hatte ich den von Avast. Den Kaspersky habe ich erst gestern Abend ganz zum Schluß installiert, aber auch er hat nicht angeschlagen.

Hier die Logs:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-08-2014
Ran by Privat (administrator) on PRIVAT-PC on 12-08-2014 18:51:03
Running from C:\Users\Privat\Desktop
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
( ) C:\Windows\System32\lxctcoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-176602296-3208371113-2143824810-1001\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-176602296-3208371113-2143824810-1001\...\MountPoints2: {f265ecdc-b592-11e1-9884-806e6f6e6963} - E:\Bin\Assetup.exe
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573D51A2D7E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - DefaultScope {166D820D-915D-47D1-A926-5FECE97F48C0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312523&CUI=UN18336296927850970&UM=1
SearchScopes: HKCU - {166D820D-915D-47D1-A926-5FECE97F48C0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312523&CUI=UN18336296927850970&UM=1
SearchScopes: HKCU - {8E10D3CF-AEA7-4A1C-BED2-CC137D173BB6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=0B8502B0-CE1B-4149-986F-AFD5A257B281&apn_sauid=4901D7EE-7161-44F6-822F-452DB2558F9B
SearchScopes: HKCU - {F792531D-9E64-4113-AB12-FA02C0C3A494} URL = https://www.google.com/search?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default
FF DefaultSearchEngine: DivX Browser Bar DE Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: DivX Browser Bar DE Customized Web Search
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DivX Browser Bar DE  - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1} [2014-08-11]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://nbhipompgkickajjkeoahffanickliji/newtab.html", "chrome-extension://mfeeblhkgkdkklmejjleemakllnficib/newtab.html", "chrome-extension://jgpkoeimeohmklglgekpoffibjmmcjij/newtab.html"
CHR Extension: (saovoe onn) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij [2014-06-21]
CHR Extension: (Google Docs) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (saevee  on) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak [2014-06-21]
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google-Suche) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-12]
CHR Extension: (FeedSquares  Supercharge your Google Reader) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi [2014-06-21]
CHR Extension: (avast! Online Security) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-20]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-12]
CHR Extension: (Virtual Keyboard) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-12]
CHR Extension: (saave OaN) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof [2014-06-21]
CHR Extension: (Searcch-NewTaab) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij [2014-06-21]
CHR Extension: (SearCh-NEWTab) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib [2014-06-21]
CHR Extension: (Searcih-NeewTAb) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji [2014-06-21]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Google Mail) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR Extension: (saovoe onn) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14 [2014-06-21]
CHR Extension: (saevee  on) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14 [2014-06-21]
CHR Extension: (saave OaN) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14 [2014-06-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-21]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-08-08] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-09] ()
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-08] (Emsisoft GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-08-11] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-08-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-08-11] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [121600 2012-12-05] (WinISO.com)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 18:51 - 2014-08-12 18:51 - 00019936 _____ () C:\Users\Privat\Desktop\FRST.txt
2014-08-12 18:49 - 2014-08-12 18:51 - 00000000 ____D () C:\FRST
2014-08-12 18:40 - 2014-08-12 18:40 - 01091584 _____ (Farbar) C:\Users\Privat\Desktop\FRST.exe
2014-08-11 23:41 - 2014-08-12 18:33 - 00002236 _____ () C:\Users\Privat\Desktop\Sicherer Zahlungsverkehr.lnk
2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-08-11 23:36 - 2014-08-11 23:35 - 00001054 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-11 23:34 - 2014-08-11 23:56 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-11 23:34 - 2014-08-11 23:56 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-11 23:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-08-11 23:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-08-11 22:53 - 2014-08-12 18:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-11 22:53 - 2014-08-11 23:34 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-11 22:53 - 2014-08-11 22:53 - 00001007 _____ () C:\Users\Privat\Desktop\Kaspersky Security Scan.lnk
2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe
2014-08-11 22:15 - 2014-08-11 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-11 22:15 - 2014-08-11 22:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-08-11 22:12 - 2014-08-11 22:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe
2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe
2014-08-09 01:08 - 2014-08-11 21:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 01:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 01:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 00:37 - 2014-08-09 00:37 - 00004196 _____ () C:\Users\Privat\Desktop\hijackthis.log
2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-08-08 23:53 - 2014-08-09 00:43 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg
2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log
2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk
2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK
2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine
2014-08-08 22:27 - 2014-08-08 22:36 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe
2014-08-08 22:05 - 2014-08-08 22:06 - 00000000 ____D () C:\Program Files\stinger
2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe
2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia
2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini
2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer
2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe
2014-07-30 12:22 - 2014-08-01 09:13 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 18:51 - 2014-08-12 18:51 - 00019936 _____ () C:\Users\Privat\Desktop\FRST.txt
2014-08-12 18:51 - 2014-08-12 18:49 - 00000000 ____D () C:\FRST
2014-08-12 18:49 - 2014-08-11 22:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-12 18:40 - 2014-08-12 18:40 - 01091584 _____ (Farbar) C:\Users\Privat\Desktop\FRST.exe
2014-08-12 18:39 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 18:39 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 18:37 - 2013-05-27 09:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 18:35 - 2012-06-13 22:11 - 01512877 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 18:33 - 2014-08-11 23:41 - 00002236 _____ () C:\Users\Privat\Desktop\Sicherer Zahlungsverkehr.lnk
2014-08-12 18:32 - 2014-04-14 22:54 - 00000000 ___RD () C:\Users\Privat\Dropbox
2014-08-12 18:32 - 2014-04-14 22:50 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Dropbox
2014-08-12 18:32 - 2013-05-05 22:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 18:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 18:32 - 2009-07-14 06:39 - 00123385 _____ () C:\Windows\setupact.log
2014-08-12 18:31 - 2012-12-29 18:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-11 23:56 - 2014-08-11 23:34 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-11 23:56 - 2014-08-11 23:34 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-11 23:56 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-08-11 23:56 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-11 23:56 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-08-11 23:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-11 23:39 - 2012-12-29 19:29 - 00114434 _____ () C:\Windows\PFRO.log
2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-08-11 23:35 - 2014-08-11 23:36 - 00001054 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-11 23:34 - 2014-08-11 22:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-11 23:34 - 2012-06-13 22:14 - 01522236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 23:33 - 2012-12-29 19:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-11 23:22 - 2013-05-05 22:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 22:57 - 2014-03-07 21:07 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-11 22:57 - 2014-03-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-11 22:57 - 2012-12-29 21:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-11 22:53 - 2014-08-11 22:53 - 00001007 _____ () C:\Users\Privat\Desktop\Kaspersky Security Scan.lnk
2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe
2014-08-11 22:43 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-11 22:18 - 2014-08-11 22:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-11 22:14 - 2014-08-11 22:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe
2014-08-11 22:03 - 2013-11-29 19:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-11 21:59 - 2013-11-29 19:47 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 21:55 - 2014-06-14 19:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-11 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-08-11 21:43 - 2014-06-21 21:04 - 00000000 ____D () C:\ProgramData\AppSnow
2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe
2014-08-11 21:07 - 2014-08-09 01:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 12:49 - 2012-12-29 21:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\GG
2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 01:02 - 2014-01-15 11:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-09 01:02 - 2013-11-29 19:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-09 00:43 - 2014-08-08 23:53 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg
2014-08-09 00:37 - 2014-08-09 00:37 - 00004196 _____ () C:\Users\Privat\Desktop\hijackthis.log
2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log
2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk
2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK
2014-08-08 22:37 - 2012-06-13 22:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-08 22:37 - 2012-06-13 22:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-08 22:36 - 2014-08-08 22:27 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe
2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine
2014-08-08 22:07 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-08-08 22:06 - 2014-08-08 22:05 - 00000000 ____D () C:\Program Files\stinger
2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe
2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia
2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini
2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer
2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe
2014-08-08 21:24 - 2014-04-14 22:54 - 00001021 _____ () C:\Users\Privat\Desktop\Dropbox.lnk
2014-08-08 21:24 - 2014-04-14 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-01 09:13 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp
2014-08-01 09:09 - 2013-03-13 15:21 - 00000000 ____D () C:\Users\Privat\Documents\Briefe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Driver_Pro.exe
C:\Users\Administrator\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Administrator\AppData\Local\Temp\nsb2A7C.exe
C:\Users\Administrator\AppData\Local\Temp\optprosetup.exe
C:\Users\Administrator\AppData\Local\Temp\sSetup-se.exe
C:\Users\Krystina\AppData\Local\Temp\GLFA181.tmp.ConduitEngineSetup.exe
C:\Users\Krystina\AppData\Local\Temp\Myashampoo.exe
C:\Users\Krystina\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Privat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplloobz.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 11:21

==================== End Of Log ============================
         
--- --- ---

--- --- ---

[/CODE]

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-08-2014
Ran by Privat at 2014-08-12 18:51:50
Running from C:\Users\Privat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
GG (HKCU\...\GG) (Version: 11 - GG Network S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
SkypEmoticons (HKLM\...\SkypEmoticons_is1) (Version:  - ) <==== ATTENTION
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WinISO (HKLM\...\WinISO) (Version: 6.3.0.4722 - WinISO Computing Inc.)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-05-2014 13:10:03 Geplanter Prüfpunkt
29-05-2014 15:06:18 Windows Update
29-05-2014 15:10:06 Windows Update
21-06-2014 19:43:17 Geplanter Prüfpunkt
28-07-2014 08:07:23 Geplanter Prüfpunkt
07-08-2014 09:28:41 Geplanter Prüfpunkt
08-08-2014 23:01:10 avast! antivirus system restore point
11-08-2014 19:58:16 avast! antivirus system restore point
11-08-2014 21:33:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10141FFD-1F64-45A2-9AB0-518C5DDE0ABF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {22D86BC8-EA60-4BCD-97D7-94439E6FF99B} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
Task: {41CCEEF2-8660-4EAE-8A60-8075C4508786} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08] (Adobe Systems Incorporated)
Task: {850C1976-76C0-4E93-82EA-9729695A0D05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {AE0A3BD8-C696-45E4-98F5-9B640140218A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BF2A583E-0C1A-4772-8BDC-128DE97A2365} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {D6936D74-F0D2-4B87-A6BF-E193BCD06580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software)
Task: {F092003B-4433-4CD5-A310-FD79C5A5CC6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-09 01:01 - 2014-08-09 01:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-11 20:59 - 2014-08-11 20:59 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081101\algo.dll
2014-08-12 18:32 - 2014-08-12 18:32 - 02786304 _____ () C:\Program Files\AVAST Software\Avast\defs\14081200\algo.dll
2013-01-05 17:28 - 2006-10-18 07:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2013-01-05 17:28 - 2006-10-18 06:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll
2013-01-05 17:28 - 2006-10-18 07:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll
2013-01-05 17:28 - 2006-11-13 05:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-08-11 22:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-11 22:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-11 22:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-11 22:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-11 22:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\Windows\system32\lxctdrs.dll
2006-08-14 18:17 - 2006-08-14 18:17 - 00065536 _____ () C:\Windows\system32\lxctcaps.dll
2006-05-03 15:31 - 2006-05-03 15:31 - 00061440 _____ () C:\Windows\system32\lxctcnv4.dll
2013-01-05 17:28 - 2006-11-22 11:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe
2013-01-05 17:28 - 2006-08-08 16:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll
2013-01-05 17:28 - 2006-06-09 03:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll
2013-01-05 17:28 - 2006-05-25 17:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll
2014-08-12 18:32 - 2014-08-12 18:32 - 00043008 _____ () c:\users\privat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplloobz.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Privat\AppData\Roaming\Dropbox\bin\libcef.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: fixghesj => regsvr32.exe "C:\ProgramData\fixghesj.dat"
MSCONFIG\startupreg: GG => "C:\Users\Privat\AppData\Local\GG\Application\gghub.exe"
MSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: se => "C:\Users\Administrator\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: THGuard => "C:\Program Files\TrojanHunter 5.5\THGuard.exe"
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: UhokrUbwuy => regsvr32.exe "C:\ProgramData\UhokrUbwuy.dat"
MSCONFIG\startupreg: xhcmah => regsvr32.exe "C:\ProgramData\xhcmah.dat"
MSCONFIG\startupreg: xndcavzi => regsvr32.exe "C:\ProgramData\xndcavzi.dat"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1
Name des fehlerhaften Moduls: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1
Ausnahmecode: 0x40000015
Fehleroffset: 0x0029bc69
ID des fehlerhaften Prozesses: 0x8c0
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2
Berichtskennung: TeamViewer_Service.exe3

Error: (08/11/2014 10:57:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 10:18:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 10:17:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 10:16:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 10:16:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 10:16:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 10:01:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/11/2014 09:58:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {ea16d743-312e-4c0c-9ce8-310ccc4862b5}

Error: (08/11/2014 09:52:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1
Name des fehlerhaften Moduls: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1
Ausnahmecode: 0x40000015
Fehleroffset: 0x0029bc69
ID des fehlerhaften Prozesses: 0x158
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2
Berichtskennung: TeamViewer_Service.exe3


System errors:
=============
Error: (08/12/2014 06:34:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/11/2014 11:57:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (08/11/2014 11:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/11/2014 10:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/11/2014 10:16:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/11/2014 10:03:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/11/2014 09:54:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/11/2014 09:51:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (08/11/2014 09:01:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/11/2014 09:41:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (08/12/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Service.exe9.0.29947.053b3dcf1TeamViewer_Service.exe9.0.29947.053b3dcf1400000150029bc698c001cfb64afcc93965c:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exec:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe3f1de281-223e-11e4-956d-386077e3971b

Error: (08/11/2014 10:57:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 10:18:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 10:17:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 10:16:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 10:16:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 10:16:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 10:01:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 09:58:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {ea16d743-312e-4c0c-9ce8-310ccc4862b5}

Error: (08/11/2014 09:52:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Service.exe9.0.29947.053b3dcf1TeamViewer_Service.exe9.0.29947.053b3dcf1400000150029bc6915801cfb59dc47a4e0bc:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exec:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe0a9f8594-2191-11e4-8584-386077e3971b


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3549.12 MB
Available physical RAM: 2291.5 MB
Total Pagefile: 7096.51 MB
Available Pagefile: 5473.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.9 GB) (Free:111.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (Bilder & Filme) (Fixed) (Total:100 GB) (Free:81.41 GB) NTFS
Drive h: (Volume) (Fixed) (Total:166.02 GB) (Free:46.8 GB) NTFS
Drive i: (Volume) (Fixed) (Total:199.74 GB) (Free:49.7 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 95B995B9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=150 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 11C911C9)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=166 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Vielen Dank schon mal vorab!
__________________

Alt 12.08.2014, 19:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .




Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.08.2014, 21:17   #5
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



hier die Logs:

Avast funktioniert nun wieder. Darf ich fragen, was da passiert ist? War es denn noch ein Virus?
Danke schon mal!

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-08-2014
Ran by Privat at 2014-08-12 21:33:39 Run:1
Running from C:\Users\Privat\Desktop\Neuer Ordner
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
Code:
ATTFilter
ComboFix 14-08-12.01 - Privat 12.08.2014  21:46:17.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.3549.2243 [GMT 2:00]
ausgeführt von:: c:\users\Privat\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\bootstrap.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\content\bg.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\install.rdf
c:\users\Administrator\AppData\Roaming\regsvr32.exe_log.txt
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
         


Alt 12.08.2014, 21:19   #6
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Code:
ATTFilter
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json
c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINISOCDBUS
-------\Service_WinisoCDBus
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-12 bis 2014-08-12  ))))))))))))))))))))))))))))))
.
.
2014-08-12 19:57 . 2014-08-12 20:00	--------	d-----w-	c:\users\Privat\AppData\Local\temp
2014-08-12 19:57 . 2014-08-12 19:57	--------	d-----w-	c:\users\Krystina\AppData\Local\temp
2014-08-12 19:25 . 2014-08-12 19:25	--------	d-----w-	c:\program files\VS Revo Group
2014-08-12 19:22 . 2014-08-12 19:22	10594416	----a-w-	c:\program files\Mozilla Firefox\icudt52.dll
2014-08-12 19:22 . 2014-08-12 19:22	1022576	----a-w-	c:\program files\Mozilla Firefox\icuin52.dll
2014-08-12 19:22 . 2014-08-12 19:22	822384	----a-w-	c:\program files\Mozilla Firefox\icuuc52.dll
2014-08-12 16:49 . 2014-08-12 19:33	--------	d-----w-	C:\FRST
2014-08-11 21:35 . 2014-08-11 21:35	--------	d-----w-	c:\windows\ELAMBKUP
2014-08-11 21:34 . 2014-08-11 21:56	94304	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-08-11 21:33 . 2009-11-25 10:47	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2014-08-11 21:33 . 2009-11-25 10:47	49472	----a-w-	c:\windows\system32\netfxperf.dll
2014-08-11 21:33 . 2009-11-25 10:47	297808	----a-w-	c:\windows\system32\mscoree.dll
2014-08-11 21:33 . 2009-11-25 10:47	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2014-08-11 21:33 . 2009-11-25 10:47	1130824	----a-w-	c:\windows\system32\dfshim.dll
2014-08-11 20:53 . 2014-08-12 19:59	--------	d-----w-	c:\programdata\Kaspersky Lab
2014-08-11 20:53 . 2014-08-11 21:34	--------	d-----w-	c:\program files\Kaspersky Lab
2014-08-11 20:15 . 2013-09-20 08:49	18968	----a-w-	c:\windows\system32\sdnclean.exe
2014-08-11 20:15 . 2014-08-11 20:43	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-08-11 20:15 . 2014-08-11 20:18	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2014-08-11 19:55 . 2014-08-11 19:55	--------	d-----w-	c:\programdata\Logs
2014-08-08 23:08 . 2014-08-11 19:07	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-08 23:08 . 2014-08-08 23:08	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-08-08 23:08 . 2014-08-08 23:08	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-08 23:08 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-08 23:08 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-08 23:08 . 2014-05-12 05:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-08 23:02 . 2014-08-08 23:02	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-08 23:02 . 2014-08-08 23:02	43152	----a-w-	c:\windows\avastSS.scr
2014-08-08 20:45 . 2014-08-08 20:45	--------	d-----w-	C:\EEK
2014-08-08 20:30 . 2014-08-08 20:30	--------	d-----w-	C:\Quarantine
2014-08-08 20:05 . 2014-08-08 20:06	--------	d-----w-	c:\program files\stinger
2014-08-08 20:01 . 2014-08-08 20:01	--------	d-----w-	c:\users\Privat\AppData\Local\Macromedia
2014-08-08 19:49 . 2014-08-08 19:49	--------	d-----w-	c:\users\Privat\AppData\Roaming\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-11 21:56 . 2013-10-17 13:47	25184	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2014-08-11 21:56 . 2013-10-17 13:47	135776	----a-w-	c:\windows\system32\drivers\kl1.sys
2014-08-11 21:56 . 2013-06-06 15:38	144992	----a-w-	c:\windows\system32\drivers\kneps.sys
2014-08-11 20:03 . 2013-11-29 17:46	414520	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-08 23:02 . 2014-01-15 09:54	71944	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-08-08 23:02 . 2013-11-29 17:46	192352	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-08 23:02 . 2013-11-29 17:46	779536	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-08-08 23:02 . 2013-11-29 17:46	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-08 23:02 . 2013-11-29 17:46	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-08 23:02 . 2013-11-29 17:46	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-08-08 23:02 . 2013-11-29 17:46	276432	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-08 20:37 . 2012-06-13 20:27	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-08 20:37 . 2012-06-13 20:27	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-29 15:12 . 2014-05-29 15:12	86528	----a-w-	c:\windows\system32\iesysprep.dll
2014-05-29 15:12 . 2014-05-29 15:12	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-05-29 15:12 . 2014-05-29 15:12	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-05-29 15:12 . 2014-05-29 15:12	74752	----a-w-	c:\windows\system32\iesetup.dll
2014-05-29 15:12 . 2014-05-29 15:12	63488	----a-w-	c:\windows\system32\tdc.ocx
2014-05-29 15:12 . 2014-05-29 15:12	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-05-29 15:12 . 2014-05-29 15:12	421376	----a-w-	c:\windows\system32\vbscript.dll
2014-05-29 15:12 . 2014-05-29 15:12	367104	----a-w-	c:\windows\system32\html.iec
2014-05-29 15:12 . 2014-05-29 15:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-29 15:12 . 2014-05-29 15:12	23552	----a-w-	c:\windows\system32\licmgr10.dll
2014-05-29 15:12 . 2014-05-29 15:12	1806848	----a-w-	c:\windows\system32\jscript9.dll
2014-05-29 15:12 . 2014-05-29 15:12	161792	----a-w-	c:\windows\system32\msls31.dll
2014-05-29 15:12 . 2014-05-29 15:12	152064	----a-w-	c:\windows\system32\wextract.exe
2014-05-29 15:12 . 2014-05-29 15:12	150528	----a-w-	c:\windows\system32\iexpress.exe
2014-05-29 15:12 . 2014-05-29 15:12	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2014-05-29 15:12 . 2014-05-29 15:12	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2014-05-29 15:12 . 2014-05-29 15:12	11776	----a-w-	c:\windows\system32\mshta.exe
2014-05-29 15:12 . 2014-05-29 15:12	1129472	----a-w-	c:\windows\system32\wininet.dll
2014-05-29 15:12 . 2014-05-29 15:12	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-05-29 15:12 . 2014-05-29 15:12	101888	----a-w-	c:\windows\system32\admparse.dll
2014-05-29 15:12 . 2014-05-29 15:12	35840	----a-w-	c:\windows\system32\imgutil.dll
2014-05-29 15:11 . 2014-05-29 15:11	801792	----a-w-	c:\windows\system32\FntCache.dll
2014-05-29 15:11 . 2014-05-29 15:11	739840	----a-w-	c:\windows\system32\d2d1.dll
2014-05-29 15:11 . 2014-05-29 15:11	728448	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-05-29 15:11 . 2014-05-29 15:11	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2014-05-29 15:11 . 2014-05-29 15:11	3181568	----a-w-	c:\windows\system32\mf.dll
2014-05-29 15:11 . 2014-05-29 15:11	283648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2014-05-29 15:11 . 2014-05-29 15:11	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2014-05-29 15:11 . 2014-05-29 15:11	218624	----a-w-	c:\windows\system32\d3d10_1core.dll
2014-05-29 15:11 . 2014-05-29 15:11	196608	----a-w-	c:\windows\system32\mfreadwrite.dll
2014-05-29 15:11 . 2014-05-29 15:11	1619456	----a-w-	c:\windows\system32\WMVDECOD.DLL
2014-05-29 15:11 . 2014-05-29 15:11	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2014-05-29 15:11 . 2014-05-29 15:11	1495040	----a-w-	c:\windows\system32\ExplorerFrame.dll
2014-05-29 15:11 . 2014-05-29 15:11	135168	----a-w-	c:\windows\system32\XpsRasterService.dll
2014-05-29 15:11 . 2014-05-29 15:11	1170944	----a-w-	c:\windows\system32\d3d10warp.dll
2014-05-29 15:11 . 2014-05-29 15:11	107520	----a-w-	c:\windows\system32\cdd.dll
2014-05-29 15:11 . 2014-05-29 15:11	1074176	----a-w-	c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-08 23:01	578240	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2014-06-15 202080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-11 4085896]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-09-11 03:09	450560	----a-w-	c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-08-29 00:23	1861968	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GG]
2014-06-02 16:07	4023360	----a-w-	c:\users\Privat\AppData\Local\GG\Application\gghub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
2006-11-21 12:27	106496	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50	155648	----a-w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-06-28 08:37	10127976	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-05-08 07:51	21444224	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16	254336	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-06-15 202080]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2014-08-07 50200]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-08-11 94304]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax86.sys [2014-08-07 22056]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-08 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-11 414520]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2013-10-17 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-08-11 144992]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-08 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-08 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-08 71944]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-08-11 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-17 25696]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 17:23	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 20:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\
FF - prefs.js: browser.search.selectedEngine - DivX Browser Bar DE Customized Web Search
FF - prefs.js: keyword.URL - hxxp://trovi.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-fixghesj - c:\programdata\fixghesj.dat
MSConfigStartUp-se - c:\users\Administrator\AppData\Roaming\SkypEmoticons\SE.exe
MSConfigStartUp-THGuard - c:\program files\TrojanHunter 5.5\THGuard.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
MSConfigStartUp-UhokrUbwuy - c:\programdata\UhokrUbwuy.dat
MSConfigStartUp-xhcmah - c:\programdata\xhcmah.dat
MSConfigStartUp-xndcavzi - c:\programdata\xndcavzi.dat
AddRemove-{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1 - c:\program files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins001.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\windows\system32\lxctcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\taskhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\users\Privat\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
c:\users\Privat\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe
c:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Desktop.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-12  22:07:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-12 20:07
.
Vor Suchlauf: 14 Verzeichnis(se), 119.830.609.920 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 120.202.952.704 Bytes frei
.
- - End Of File - - 9DCD4842D60601F66DA8C5999FAEA7BB
A36C5E4F47E84449FF07ED3517B43A31
         
[/CODE]

Alt 13.08.2014, 19:29   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.08.2014, 22:07   #8
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



so bitte schon:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.08.2014
Suchlauf-Zeit: 21:17:53
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.13.06
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Privat

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 384973
Verstrichene Zeit: 10 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.ValueApps.A, HKU\S-1-5-21-176602296-3208371113-2143824810-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, In Quarantäne, [ad6d378f6c0f340234938980c1428f71], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.ValueApps.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\valueApps, In Quarantäne, [c05aab1b3f3c8caadcb4c6f5e41e4ab6], 
PUP.Optional.ValueApps.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\valueApps\CT3297265, In Quarantäne, [c05aab1b3f3c8caadcb4c6f5e41e4ab6], 

Dateien: 4
PUP.Optional.Multiplug, C:\ProgramData\saevee  on\oLUa.exe, In Quarantäne, [59c1f1d5b5c62412201a7128d52cc13f], 
PUP.Optional.Multiplug, C:\ProgramData\Searcih-NeewTAb\MY_wzza.exe, In Quarantäne, [071365616219b97d06348a0ff50cc937], 
PUP.Optional.Trovi.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=");), Ersetzt,[52c8fbcbf2890c2adf1d2ad410f40af6]
PUP.Optional.Conduit.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3297265.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3297265&octid=CT3297265&ISID=ISID_ID&SearchSource=15&CUI=UN57436081810220232&Lay=1&UM=2\"}");), Ersetzt,[0515b0169edd37ff31acac53d034ab55]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.304 - Report created 13/08/2014 at 22:24:33
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Privat - PRIVAT-PC
# Running from : C:\Users\Privat\Downloads\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Users\Privat\Favorites\AGI
Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\ProgramData\saave OaN
Folder Deleted : C:\ProgramData\saevee  on
Folder Deleted : C:\ProgramData\Searcch-NewTaab
Folder Deleted : C:\ProgramData\Searcih-NeewTAb
Folder Deleted : C:\Program Files\Adblocker
Folder Deleted : C:\Program Files\saave OaN
Folder Deleted : C:\Program Files\saevee  on
Folder Deleted : C:\Program Files\Searcch-NewTaab
Folder Deleted : C:\Program Files\Searcih-NeewTAb
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Krystina\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Krystina\AppData\Local\torch
Folder Deleted : C:\Users\Krystina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Privat\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Privat\AppData\Local\torch
Folder Deleted : C:\Users\Privat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Privat\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Smartbar
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\ValueApps
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\CT3297265
Folder Deleted : C:\Users\Krystina\AppData\Roaming\Mozilla\Firefox\Profiles\zzv8q9v5.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1}

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297265
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3312523
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v31.0 (x86 de)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/21&hid=17936351540188775721&lg=EN&cc=DE&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/21&hid=17936351540188775721&lg=EN&cc=DE");
Line Deleted : user_pref("extensions.GU8QvuTGF6_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.Gy4AWk8lbSMf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.aHkHvU0cSjE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.cdCZq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Deleted : user_pref("extensions.mIgwfxBE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.rdmekPSun.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/21&hid=17936351540188775721&lg=EN&cc=DE&l=1&q=");

[ File : C:\Users\Krystina\AppData\Roaming\Mozilla\Firefox\Profiles\zzv8q9v5.default\prefs.js ]


[ File : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\prefs.js ]

Line Deleted : user_pref("CT3297265.FF19Solved", "true");
Line Deleted : user_pref("CT3297265.FirstTime", "true");
Line Deleted : user_pref("CT3297265.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3297265.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT3297265.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT3297265.UserID", "UN57436081810220232");
Line Deleted : user_pref("CT3297265.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3297265.autoDisableScopes", -1);
Line Deleted : user_pref("CT3297265.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3297265.countryCode", "DE");
Line Deleted : user_pref("CT3297265.defaultSearch", "true");
Line Deleted : user_pref("CT3297265.enableAlerts", "true");
Line Deleted : user_pref("CT3297265.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3297265.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3297265.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3297265.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3297265.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3297265.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3297265.fixUrls", true);
Line Deleted : user_pref("CT3297265.fullUserID", "UN57436081810220232.UP.20130917191347");
Line Deleted : user_pref("CT3297265.installDate", "12/5/2013 16:55:51");
Line Deleted : user_pref("CT3297265.installId", "stub.exe");
Line Deleted : user_pref("CT3297265.installSessionId", "{9599E7CC-9D04-4489-BB32-FC4256F0A6BC}");
Line Deleted : user_pref("CT3297265.installSp", "true");
Line Deleted : user_pref("CT3297265.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3297265.installUsage", "2013-05-12T18:47:57.0452567+03:00");
Line Deleted : user_pref("CT3297265.installUsageEarly", "2013-05-12T18:47:56.4828251+03:00");
Line Deleted : user_pref("CT3297265.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3297265.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3297265.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3297265.keyword", true);
Line Deleted : user_pref("CT3297265.lastVersion", "10.33.0.505");
Line Deleted : user_pref("CT3297265.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3297265.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3297265.missingMachineIdSent", "true");
Line Deleted : user_pref("CT3297265.openThankYouPage", "false");
Line Deleted : user_pref("CT3297265.openUninstallPage", "true");
Line Deleted : user_pref("CT3297265.originalHomepage", "hxxp://www.google.de/");
Line Deleted : user_pref("CT3297265.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3297265.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("CT3297265.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT3297265.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3297265.search.searchAppId", "130102701223206401");
Line Deleted : user_pref("CT3297265.search.searchCount", "2");
Line Deleted : user_pref("CT3297265.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3297265.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3297265.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3297265.searchRevert", "false");
Line Deleted : user_pref("CT3297265.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3297265.searchUserMode", "2");
Line Deleted : user_pref("CT3297265.serviceLayer_services_Configuration_lastUpdate", "1407960114351");
Line Deleted : user_pref("CT3297265.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1407527441852");
Line Deleted : user_pref("CT3297265.serviceLayer_services_appsMetadata_lastUpdate", "1407960113750");
Line Deleted : user_pref("CT3297265.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1407527441568");
Line Deleted : user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368373696609");
Line Deleted : user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368373697247");
Line Deleted : user_pref("CT3297265.serviceLayer_services_location_lastUpdate", "1378234817502");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.16.2.6_lastUpdate", "1378234817407");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.19.2.505_lastUpdate", "1379666522457");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380914120980");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.20.1.508_lastUpdate", "1389127912284");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.23.0.822_lastUpdate", "1397420866844");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.29.0.520_lastUpdate", "1401375991569");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.31.2.501_lastUpdate", "1407527441707");
Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.33.0.505_lastUpdate", "1407960113932");
Line Deleted : user_pref("CT3297265.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1407527441680");
Line Deleted : user_pref("CT3297265.serviceLayer_services_searchAPI_lastUpdate", "1407960114199");
Line Deleted : user_pref("CT3297265.serviceLayer_services_serviceMap_lastUpdate", "1407960113757");
Line Deleted : user_pref("CT3297265.serviceLayer_services_toolbarContextMenu_lastUpdate", "1407960113789");
Line Deleted : user_pref("CT3297265.serviceLayer_services_toolbarSettings_lastUpdate", "1407960113631");
Line Deleted : user_pref("CT3297265.serviceLayer_services_translation_lastUpdate", "1407960113773");
Line Deleted : user_pref("CT3297265.settingsINI", true);
Line Deleted : user_pref("CT3297265.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3297265.showToolbarPermission", "false");
Line Deleted : user_pref("CT3297265.smartbar.CTID", "CT3297265");
Line Deleted : user_pref("CT3297265.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3297265.smartbar.homepage", "true");
Line Deleted : user_pref("CT3297265.smartbar.toolbarName", "DivX Browser Bar DE ");
Line Deleted : user_pref("CT3297265.startPage", "true");
Line Deleted : user_pref("CT3297265.toolbarBornServerTime", "12-5-2013");
Line Deleted : user_pref("CT3297265.toolbarCurrentServerTime", "13-8-2014");
Line Deleted : user_pref("CT3297265.toolbarLoginClientTime", "Sun May 12 2013 17:48:17 GMT+0200");
Line Deleted : user_pref("CT3297265.versionFromInstaller", "10.16.2.6");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3297265");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3297265");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN57436081810220232&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3297265");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3297265");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN57436081810220232&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource=61&CUI[...]
Line Deleted : user_pref("smartbar.machineId", "R0ZPUMOHE87SUZOIXGRTSRSCBYVFCA83MQZSGDK2ADPFGWYAGCI3F6WGMOA/RPQJ8K0G2KTKNI7FBVSWBGCLAG");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN57436081810220232&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...]
Line Deleted : user_pref("valueApps.CT3297265.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3297265.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3297265.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3297265.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3297265.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3297265.mam_gk_userBornDate.storedInFile", false);

-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [15606 octets] - [13/08/2014 22:04:48]
AdwCleaner[S0].txt - [15790 octets] - [13/08/2014 22:24:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15851 octets] ##########
         
--- --- ---

[/CODE]

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Privat on 13.08.2014 at 22:34:43,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{166D820D-915D-47D1-A926-5FECE97F48C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E10D3CF-AEA7-4A1C-BED2-CC137D173BB6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Privat\appdata\locallow\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.08.2014 at 22:43:54,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Privat (administrator) on PRIVAT-PC on 13-08-2014 22:50:00
Running from C:\Users\Privat\Desktop\Neuer Ordner
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
( ) C:\Windows\System32\lxctcoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573D51A2D7E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F792531D-9E64-4113-AB12-FA02C0C3A494} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-12]
CHR Extension: (avast! Online Security) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-20]
CHR Extension: (Safe Money) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-12]
CHR Extension: (Virtual Keyboard) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-20]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer9; c:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe [4661056 2014-07-02] (TeamViewer GmbH)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-08-08] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-09] ()
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-08] (Emsisoft GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-08-11] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-08-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-08-11] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 catchme; \??\C:\Users\Privat\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe
2014-08-13 22:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-13 22:04 - 2014-08-13 22:24 - 00000000 ____D () C:\AdwCleaner
2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-12 23:11 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-12 23:09 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-08-12 23:09 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2014-08-12 23:09 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2014-08-12 23:09 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2014-08-12 23:09 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-12 21:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 21:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 21:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 21:38 - 2014-08-12 22:07 - 00000000 ____D () C:\Qoobox
2014-08-12 21:37 - 2014-08-12 22:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe
2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe
2014-08-12 21:21 - 2014-08-13 22:50 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner
2014-08-12 18:49 - 2014-08-13 22:50 - 00000000 ____D () C:\FRST
2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-11 23:34 - 2014-08-11 23:56 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-11 23:34 - 2014-08-11 23:56 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-11 23:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-08-11 23:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-08-11 22:53 - 2014-08-13 22:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-11 22:53 - 2014-08-11 23:34 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe
2014-08-11 22:15 - 2014-08-11 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-11 22:15 - 2014-08-11 22:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-08-11 22:12 - 2014-08-11 22:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe
2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe
2014-08-09 01:08 - 2014-08-13 21:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 01:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 01:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-08-08 23:53 - 2014-08-09 00:43 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg
2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log
2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk
2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK
2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine
2014-08-08 22:27 - 2014-08-08 22:36 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe
2014-08-08 22:05 - 2014-08-08 22:06 - 00000000 ____D () C:\Program Files\stinger
2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe
2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia
2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini
2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer
2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe
2014-07-30 12:22 - 2014-08-01 09:13 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:50 - 2014-08-12 21:21 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner
2014-08-13 22:50 - 2014-08-12 18:49 - 00000000 ____D () C:\FRST
2014-08-13 22:37 - 2013-05-27 09:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 22:34 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 22:34 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe
2014-08-13 22:29 - 2012-06-13 22:11 - 01533212 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 22:26 - 2014-08-11 22:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-13 22:26 - 2012-12-29 19:29 - 00116962 _____ () C:\Windows\PFRO.log
2014-08-13 22:26 - 2012-12-29 18:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-13 22:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 22:26 - 2009-07-14 06:39 - 00123777 _____ () C:\Windows\setupact.log
2014-08-13 22:24 - 2014-08-13 22:04 - 00000000 ____D () C:\AdwCleaner
2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 21:58 - 2014-08-09 01:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-12 23:12 - 2014-08-12 23:11 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-12 23:12 - 2014-08-12 23:09 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-12 23:12 - 2014-04-14 22:54 - 00000000 ___RD () C:\Users\Privat\Dropbox
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-12 22:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-12 22:34 - 2013-07-03 09:36 - 00000000 ____D () C:\Program Files\Java
2014-08-12 22:30 - 2013-11-25 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-12 22:30 - 2012-12-29 21:22 - 00000000 ____D () C:\Program Files\DivX
2014-08-12 22:30 - 2012-12-29 21:20 - 00000000 ____D () C:\ProgramData\DivX
2014-08-12 22:07 - 2014-08-12 21:38 - 00000000 ____D () C:\Qoobox
2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-12 22:02 - 2014-08-12 21:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 22:00 - 2014-04-14 22:50 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Dropbox
2014-08-12 21:59 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 21:58 - 2009-07-14 04:03 - 37224448 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-12 21:50 - 2014-06-14 19:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe
2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe
2014-08-12 21:22 - 2014-04-20 19:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 23:56 - 2014-08-11 23:34 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-11 23:56 - 2014-08-11 23:34 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-11 23:56 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-08-11 23:56 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-11 23:56 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-11 23:34 - 2014-08-11 22:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-11 23:34 - 2012-06-13 22:14 - 01522236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 23:33 - 2012-12-29 19:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-11 22:57 - 2014-03-07 21:07 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-11 22:57 - 2014-03-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-11 22:57 - 2012-12-29 21:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe
2014-08-11 22:43 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-11 22:18 - 2014-08-11 22:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-11 22:14 - 2014-08-11 22:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe
2014-08-11 22:03 - 2013-11-29 19:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-11 21:59 - 2013-11-29 19:47 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-08-11 21:43 - 2014-06-21 21:04 - 00000000 ____D () C:\ProgramData\AppSnow
2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe
2014-08-11 12:49 - 2012-12-29 21:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\GG
2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 01:02 - 2014-01-15 11:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-09 01:02 - 2013-11-29 19:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-09 00:43 - 2014-08-08 23:53 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg
2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log
2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk
2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK
2014-08-08 22:37 - 2012-06-13 22:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-08 22:37 - 2012-06-13 22:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-08 22:36 - 2014-08-08 22:27 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe
2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine
2014-08-08 22:07 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-08-08 22:06 - 2014-08-08 22:05 - 00000000 ____D () C:\Program Files\stinger
2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe
2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia
2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini
2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer
2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe
2014-08-08 21:24 - 2014-04-14 22:54 - 00001021 _____ () C:\Users\Privat\Desktop\Dropbox.lnk
2014-08-08 21:24 - 2014-04-14 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-01 09:13 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp
2014-08-01 09:09 - 2013-03-13 15:21 - 00000000 ____D () C:\Users\Privat\Documents\Briefe

Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu6u0dc.dll
C:\Users\Privat\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 11:21

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Privat at 2014-08-13 22:50:33
Running from C:\Users\Privat\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
GG (HKCU\...\GG) (Version: 11 - GG Network S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WinISO (HKLM\...\WinISO) (Version: 6.3.0.4722 - WinISO Computing Inc.)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-06-2014 19:43:17 Geplanter Prüfpunkt
28-07-2014 08:07:23 Geplanter Prüfpunkt
07-08-2014 09:28:41 Geplanter Prüfpunkt
08-08-2014 23:01:10 avast! antivirus system restore point
11-08-2014 19:58:16 avast! antivirus system restore point
11-08-2014 21:33:01 Windows Update
12-08-2014 19:29:21 Revo Uninstaller's restore point - SkypEmoticons
12-08-2014 21:11:32 Installed PDF Architect 2 View Module

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-08-12 21:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22D86BC8-EA60-4BCD-97D7-94439E6FF99B} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
Task: {41CCEEF2-8660-4EAE-8A60-8075C4508786} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08] (Adobe Systems Incorporated)
Task: {850C1976-76C0-4E93-82EA-9729695A0D05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {AE0A3BD8-C696-45E4-98F5-9B640140218A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BF2A583E-0C1A-4772-8BDC-128DE97A2365} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {D6936D74-F0D2-4B87-A6BF-E193BCD06580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-08-09 01:01 - 2014-08-09 01:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-13 20:59 - 2014-08-13 20:59 - 02797056 _____ () C:\Program Files\AVAST Software\Avast\defs\14081301\algo.dll
2013-01-05 17:28 - 2006-10-18 07:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2013-01-05 17:28 - 2006-10-18 06:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll
2013-01-05 17:28 - 2006-10-18 07:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll
2013-01-05 17:28 - 2006-11-13 05:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-01-05 17:28 - 2006-11-22 11:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe
2013-01-05 17:28 - 2006-08-08 16:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll
2013-01-05 17:28 - 2006-06-09 03:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll
2013-01-05 17:28 - 2006-05-25 17:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll
2014-08-11 22:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-11 22:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-11 22:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-11 22:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-11 22:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-09 01:02 - 2014-08-09 01:02 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\Windows\system32\lxctdrs.dll
2006-08-14 18:17 - 2006-08-14 18:17 - 00065536 _____ () C:\Windows\system32\lxctcaps.dll
2006-05-03 15:31 - 2006-05-03 15:31 - 00061440 _____ () C:\Windows\system32\lxctcnv4.dll
2012-12-29 19:06 - 2004-09-18 09:43 - 00121856 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GG => "C:\Users\Privat\AppData\Local\GG\Application\gghub.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-12 21:45:23.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-12 21:45:23.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 3549.12 MB
Available physical RAM: 2358.13 MB
Total Pagefile: 7096.51 MB
Available Pagefile: 5485.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.9 GB) (Free:112.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (Bilder & Filme) (Fixed) (Total:100 GB) (Free:81.41 GB) NTFS
Drive h: (Volume) (Fixed) (Total:166.02 GB) (Free:46.87 GB) NTFS
Drive i: (Volume) (Fixed) (Total:199.74 GB) (Free:49.71 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 95B995B9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=150 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 11C911C9)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=166 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Dürfte ich noch wissen, was jetzt zu diesem Verhalten geführt hat und u.a. wie wurde das Problem mit den Berechtigungen behoben? Danke vorab :-)

Viele Grüße
Gutealtezeit

Alt 14.08.2014, 13:23   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.08.2014, 14:24   #10
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Werde es wohl leider erst morgen schaffen, da ich seit gestern beruflich unterwegs bin.

Alt 16.08.2014, 10:04   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.08.2014, 20:52   #12
Gutealtezeit
 
Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Hallo,

sorry ich bin jetzt fast 1 Woche nicht da zu gekommen sich um meinen Rechner zu kümmern und hoffe wir können jetzt weiter machen.

Anbei die benötigten Logs:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=670fdca411c9b84bb2ba5f8f13507f84
# engine=19772
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-21 07:28:43
# local_time=2014-08-21 09:28:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 7228 22905716 0 0
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 7343 40127345 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 42778454 160280514 0 0
# scanned=177695
# found=36
# cleaned=36
# scan_time=4708
sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1}\ctypes\FirefoxCtype.dll.vir"
sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1}\Plugins\npFirefoxPlugin.dll.vir"
sh=6E1AF05E8736A01B06784AC8E182E296F6988930 ft=1 fh=955c114d470cbc4c vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\hktbDivX.dll"
sh=D48BE97123B04D44CD11E8A5A7A7EB0E49DA3DD0 ft=1 fh=e6d7e987a7677d06 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\ldrtbDivX.dll"
sh=BE144F65AA4ADF3D2100746839B6728914F947AE ft=1 fh=c557c62982098975 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\tbDiv1.dll"
sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\tbDivX.dll"
sh=1B37BEC7610109F594112CFB3D31145270C9B448 ft=1 fh=40977a3eb07e85f1 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\hk64tbMyA0.dll"
sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\hktbMyA0.dll"
sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\ldrtbMyA0.dll"
sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\tbMyA0.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OH2PCQ8U\PDFCreator-1_7_3_setup.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\PDFCreator-1_7_0_setup.exe"
sh=5FC37CF3593B0E1813ED9EF2E4770C879BD14276 ft=1 fh=c7322977c9844bd5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Chris-USB\!Sicherung\agnes\Desktop\Softonic-de3.exe"
sh=078379F52A32E34A3CBAC7D6CE2AF06084680E86 ft=1 fh=4e25f64989058ae4 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Chris-USB\!Sicherung\Andreas\Desktop\media.player.codec.pack.v3.9.9.setup.exe"
sh=525F6675380B7C73089B5C41F6E831656B948F32 ft=1 fh=92c112b62bbd807e vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Chris-USB\!Sicherung\Andreas\Eigene Dateien\driverupdater.exe"
sh=3AFB53DDFC81A47E4335B232481F8D3A7469B1E5 ft=1 fh=73b161e50e1ad296 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\ministub.exe"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\Ashampoo_DE\ldrtbAsha.dll"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\Ashampoo_DE\tbAsha.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\ldrtbDVDV.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVDV.dll"
sh=0497DEF079C91A14CC54EBDC7E9025BB245B78C0 ft=1 fh=3602d6868b043d08 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\ldrtbpc_0.dll"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\ldrtbpc_2.dll"
sh=B5A8BD03570AD4B64DA1F3B99889A84DC2E8BF18 ft=1 fh=62cf372c5a341a16 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\tbpc_0.dll"
sh=32FE0A33D2A8505018E1F6B5F4DD06468B2A3931 ft=1 fh=1a7ec0b34028967e vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\tbpc_1.dll"
sh=A48E9D09D891F94FB40BF74B611E1FB95D1ED6A0 ft=1 fh=d6588fdcf23534bf vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\tbpc_2.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=041AC80970175315F820806E4ADC7A209055B969 ft=1 fh=b227b26e3e0b6bfa vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\SoftonicDownloader_fuer_media-player-codec-pack.exe"
sh=525F6675380B7C73089B5C41F6E831656B948F32 ft=1 fh=92c112b62bbd807e vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\!EigeneDateien\driverupdater.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\!Arnold-USB\Von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\Lüfter und Bilder-DM8000\Dream.8000-Neu von Arnold\info von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\Lüfter und Bilder-DM8000\Dream.DM-8000 - Bilder\Von Arnold für DM 8000\vlc-1.0.0-win32.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\Lüfter und Bilder-DM8000\Dream.DM-8000-Info\!Arnold-USB\Von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Bilder\Bilder Draembox\Lüfter und Bilder-DM8000\Dream.8000-Neu von Arnold\info von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Bilder\Bilder Draembox\Lüfter und Bilder-DM8000\Dream.DM-8000 - Bilder\Von Arnold für DM 8000\vlc-1.0.0-win32.exe"
sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Bilder\Bilder Draembox\Lüfter und Bilder-DM8000\Dream.DM-8000-Info\!Arnold-USB\Von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
avast! Antivirus              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Privat (administrator) on PRIVAT-PC on 21-08-2014 21:45:35
Running from C:\Users\Privat\Desktop\Neuer Ordner
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
( ) C:\Windows\System32\lxctcoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [lxctmon.exe] => C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] => C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-11] (AVAST Software)
HKU\S-1-5-21-176602296-3208371113-2143824810-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-08-08] (Adobe Systems Incorporated)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573D51A2D7E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F792531D-9E64-4113-AB12-FA02C0C3A494} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]

Chrome: 
=======
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-15]
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google-Suche) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-12]
CHR Extension: (avast! Online Security) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-20]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-12]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-08-15]
CHR Extension: (Virtual Keyboard) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Google Mail) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR Extension: (Anti-Banner) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-08-15]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-15]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-08-08] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-09] ()
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-08] (Emsisoft GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-08-11] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-08-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-08-11] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 catchme; \??\C:\Users\Privat\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:38 - 2014-08-21 21:38 - 00854417 _____ () C:\Users\Privat\Downloads\SecurityCheck.exe
2014-08-21 20:01 - 2014-08-21 20:01 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 19:59 - 2014-08-21 19:59 - 02347384 _____ (ESET) C:\Users\Privat\Downloads\esetsmartinstaller_deu.exe
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe
2014-08-13 22:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-13 22:04 - 2014-08-13 22:24 - 00000000 ____D () C:\AdwCleaner
2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-12 23:11 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-12 23:09 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-08-12 23:09 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2014-08-12 23:09 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2014-08-12 23:09 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2014-08-12 23:09 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-12 21:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 21:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 21:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 21:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 21:38 - 2014-08-12 22:07 - 00000000 ____D () C:\Qoobox
2014-08-12 21:37 - 2014-08-12 22:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe
2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe
2014-08-12 21:21 - 2014-08-21 21:45 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner
2014-08-12 18:49 - 2014-08-21 21:45 - 00000000 ____D () C:\FRST
2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-11 23:34 - 2014-08-11 23:56 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-11 23:34 - 2014-08-11 23:56 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-11 23:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-08-11 23:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-08-11 23:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-08-11 22:53 - 2014-08-21 21:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-11 22:53 - 2014-08-11 23:34 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe
2014-08-11 22:15 - 2014-08-11 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-11 22:15 - 2014-08-11 22:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-08-11 22:12 - 2014-08-11 22:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe
2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe
2014-08-09 01:08 - 2014-08-13 21:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 01:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 01:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-08-08 23:53 - 2014-08-09 00:43 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg
2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log
2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk
2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK
2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine
2014-08-08 22:27 - 2014-08-08 22:36 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe
2014-08-08 22:05 - 2014-08-08 22:06 - 00000000 ____D () C:\Program Files\stinger
2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe
2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia
2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini
2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer
2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe
2014-07-30 12:22 - 2014-08-01 09:13 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:46 - 2014-08-11 22:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-21 21:45 - 2014-08-12 21:21 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner
2014-08-21 21:45 - 2014-08-12 18:49 - 00000000 ____D () C:\FRST
2014-08-21 21:38 - 2014-08-21 21:38 - 00854417 _____ () C:\Users\Privat\Downloads\SecurityCheck.exe
2014-08-21 21:37 - 2013-05-27 09:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 20:01 - 2014-08-21 20:01 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 19:59 - 2014-08-21 19:59 - 02347384 _____ (ESET) C:\Users\Privat\Downloads\esetsmartinstaller_deu.exe
2014-08-21 19:33 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 19:33 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 19:29 - 2012-06-13 22:11 - 01544117 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 19:26 - 2014-04-14 22:54 - 00000000 ___RD () C:\Users\Privat\Dropbox
2014-08-21 19:26 - 2014-04-14 22:50 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Dropbox
2014-08-21 19:25 - 2012-12-29 18:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-21 19:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 19:25 - 2009-07-14 06:39 - 00124001 _____ () C:\Windows\setupact.log
2014-08-15 10:26 - 2014-04-14 22:54 - 00001021 _____ () C:\Users\Privat\Desktop\Dropbox.lnk
2014-08-15 10:26 - 2014-04-14 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 10:21 - 2012-12-29 21:18 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Skype
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe
2014-08-13 22:26 - 2012-12-29 19:29 - 00116962 _____ () C:\Windows\PFRO.log
2014-08-13 22:24 - 2014-08-13 22:04 - 00000000 ____D () C:\AdwCleaner
2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 21:58 - 2014-08-09 01:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-12 23:12 - 2014-08-12 23:11 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-12 23:12 - 2014-08-12 23:09 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-12 22:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-12 22:34 - 2013-07-03 09:36 - 00000000 ____D () C:\Program Files\Java
2014-08-12 22:30 - 2013-11-25 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-12 22:30 - 2012-12-29 21:22 - 00000000 ____D () C:\Program Files\DivX
2014-08-12 22:30 - 2012-12-29 21:20 - 00000000 ____D () C:\ProgramData\DivX
2014-08-12 22:07 - 2014-08-12 21:38 - 00000000 ____D () C:\Qoobox
2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-12 22:02 - 2014-08-12 21:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 21:59 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 21:58 - 2009-07-14 04:03 - 37224448 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-12 21:50 - 2014-06-14 19:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe
2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe
2014-08-12 21:22 - 2014-04-20 19:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 23:56 - 2014-08-11 23:34 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-11 23:56 - 2014-08-11 23:34 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-11 23:56 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-08-11 23:56 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-11 23:56 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-11 23:34 - 2014-08-11 22:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-11 23:34 - 2012-06-13 22:14 - 01522236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 23:33 - 2012-12-29 19:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-11 22:57 - 2014-03-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-11 22:57 - 2012-12-29 21:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe
2014-08-11 22:43 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-11 22:18 - 2014-08-11 22:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-11 22:14 - 2014-08-11 22:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe
2014-08-11 22:03 - 2013-11-29 19:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-11 21:59 - 2013-11-29 19:47 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-08-11 21:43 - 2014-06-21 21:04 - 00000000 ____D () C:\ProgramData\AppSnow
2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe
2014-08-11 12:49 - 2012-12-29 21:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\GG
2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 01:02 - 2014-01-15 11:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-09 01:02 - 2013-11-29 19:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-09 01:02 - 2013-11-29 19:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-09 00:43 - 2014-08-08 23:53 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg
2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log
2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk
2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK
2014-08-08 22:37 - 2012-06-13 22:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-08 22:37 - 2012-06-13 22:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-08 22:36 - 2014-08-08 22:27 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe
2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine
2014-08-08 22:07 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-08-08 22:06 - 2014-08-08 22:05 - 00000000 ____D () C:\Program Files\stinger
2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe
2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia
2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini
2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer
2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe
2014-08-01 09:13 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp
2014-08-01 09:09 - 2013-03-13 15:21 - 00000000 ____D () C:\Users\Privat\Documents\Briefe

Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2itymi.dll
C:\Users\Privat\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 11:21

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by Privat at 2014-08-21 21:46:27
Running from C:\Users\Privat\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GG (HKCU\...\GG) (Version: 11 - GG Network S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WinISO (HKLM\...\WinISO) (Version: 6.3.0.4722 - WinISO Computing Inc.)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-06-2014 19:43:17 Geplanter Prüfpunkt
28-07-2014 08:07:23 Geplanter Prüfpunkt
07-08-2014 09:28:41 Geplanter Prüfpunkt
08-08-2014 23:01:10 avast! antivirus system restore point
11-08-2014 19:58:16 avast! antivirus system restore point
11-08-2014 21:33:01 Windows Update
12-08-2014 19:29:21 Revo Uninstaller's restore point - SkypEmoticons
12-08-2014 21:11:32 Installed PDF Architect 2 View Module

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-08-12 21:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22D86BC8-EA60-4BCD-97D7-94439E6FF99B} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
Task: {41CCEEF2-8660-4EAE-8A60-8075C4508786} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08] (Adobe Systems Incorporated)
Task: {850C1976-76C0-4E93-82EA-9729695A0D05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {AE0A3BD8-C696-45E4-98F5-9B640140218A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BF2A583E-0C1A-4772-8BDC-128DE97A2365} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {D6936D74-F0D2-4B87-A6BF-E193BCD06580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-08-09 01:01 - 2014-08-09 01:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-15 09:32 - 2014-08-15 09:32 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll
2014-08-21 19:26 - 2014-08-21 19:26 - 02800128 _____ () C:\Program Files\AVAST Software\Avast\defs\14082100\algo.dll
2013-01-05 17:28 - 2006-10-18 07:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2013-01-05 17:28 - 2006-10-18 06:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll
2013-01-05 17:28 - 2006-10-18 07:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll
2013-01-05 17:28 - 2006-11-13 05:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2013-01-05 17:28 - 2006-11-22 11:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe
2013-01-05 17:28 - 2006-08-08 16:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll
2013-01-05 17:28 - 2006-06-09 03:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll
2013-01-05 17:28 - 2006-05-25 17:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll
2014-08-09 01:02 - 2014-08-09 01:02 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-21 19:26 - 2014-08-21 19:26 - 00043008 _____ () c:\users\privat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2itymi.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Privat\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-11 22:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-11 22:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-11 22:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\Windows\system32\lxctdrs.dll
2006-08-14 18:17 - 2006-08-14 18:17 - 00065536 _____ () C:\Windows\system32\lxctcaps.dll
2006-05-03 15:31 - 2006-05-03 15:31 - 00061440 _____ () C:\Windows\system32\lxctcnv4.dll
2014-08-11 22:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-11 22:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-20 19:33 - 2014-08-12 21:22 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GG => "C:\Users\Privat\AppData\Local\GG\Application\gghub.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 09:32:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1
Name des fehlerhaften Moduls: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1
Ausnahmecode: 0x40000015
Fehleroffset: 0x0029bc69
ID des fehlerhaften Prozesses: 0xbf4
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2
Berichtskennung: TeamViewer_Service.exe3


System errors:
=============
Error: (08/21/2014 08:29:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 08:28:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 08:28:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 08:19:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 08:19:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 08:19:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 08:19:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/21/2014 07:28:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/21/2014 07:26:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/21/2014 07:26:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


Microsoft Office Sessions:
=========================
Error: (08/15/2014 09:32:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Service.exe9.0.29947.053b3dcf1TeamViewer_Service.exe9.0.29947.053b3dcf1400000150029bc69bf401cfb85b0d7df43ac:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exec:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe5c760e99-244e-11e4-b720-386077e3971b


CodeIntegrity Errors:
===================================
  Date: 2014-08-12 21:45:23.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-12 21:45:23.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 3549.12 MB
Available physical RAM: 1491.13 MB
Total Pagefile: 7096.51 MB
Available Pagefile: 4798.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.9 GB) (Free:111.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (Bilder & Filme) (Fixed) (Total:100 GB) (Free:81.44 GB) NTFS
Drive h: (Volume) (Fixed) (Total:166.02 GB) (Free:46.89 GB) NTFS
Drive i: (Volume) (Fixed) (Total:199.74 GB) (Free:49.84 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 95B995B9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=149.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 11C911C9)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=166 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=199.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 22.08.2014, 19:19   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Avast - ....durch eine gruppenrichtlinie blockiert - Standard

Avast - ....durch eine gruppenrichtlinie blockiert



Java updaten. Windows updaten, da fehlt ein Servicepack!!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Avast - ....durch eine gruppenrichtlinie blockiert
conduit.search, conduit.search entfernen, conduitsearch, conduitsearch entfernen, deinstalliere, gruppenrichtlinie, gruppenrichtlinie blockiert, problem, pup.optional.conduit.a, pup.optional.multiplug, pup.optional.trovi.a, pup.optional.valueapps.a, tools, win32/conduit.searchprotect.n, win32/installmonetizer.aq, win32/pricegong.a, win32/softonicdownloader.a, win32/systweak.h, win32/toolbar.conduit.b, win32/toolbar.conduit.p, win32/toolbar.conduit.s, win32/toolbar.conduit.x, win32/toolbar.conduit.y, win32/toolbar.widgi, win64/toolbar.conduit.b, wirklich




Ähnliche Themen: Avast - ....durch eine gruppenrichtlinie blockiert


  1. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 27.11.2014 (11)
  2. Avast-dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 08.10.2014 (4)
  3. Win 7: Avast Antivir Fehler "dieses Programm wurde durch eine Gruppenrichtlinie blockiert [...]"
    Log-Analyse und Auswertung - 08.10.2014 (8)
  4. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 18.09.2014 (19)
  5. Avast - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 09.09.2014 (5)
  6. Avast durch Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 31.07.2014 (8)
  7. "Dieses Programm wurde durch eine Gruppenrichtlinie blockiert." (AVAST)
    Plagegeister aller Art und deren Bekämpfung - 21.07.2014 (12)
  8. Trojaner? Avast wurde durch eine Gruppenrichtlinie blockiert.
    Plagegeister aller Art und deren Bekämpfung - 25.06.2014 (25)
  9. Dieses Programm wurde durch eine Gruppenrichtlinie blockiert... Avast und Antivir lassen sich nicht mehr starten!
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (17)
  10. Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator.
    Log-Analyse und Auswertung - 18.06.2014 (19)
  11. Problem avast zu öffnen - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 17.06.2014 (19)
  12. Avast durch Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 02.06.2014 (13)
  13. Avast durch Gruppenrichtlinie blockiert.
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (5)
  14. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 22.05.2014 (7)
  15. Avast - Datei wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 02.05.2014 (15)
  16. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 30.04.2014 (11)
  17. Avast durch Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 04.04.2014 (11)

Zum Thema Avast - ....durch eine gruppenrichtlinie blockiert - Hallo zusammen, ich habe ein Problem, bei dem ich langsam nicht mehr weiter komme. Beim Versuch Avast zu Starten, erhalte ich folgende Meldung: dieses Programm wurde durch eine gruppenrichtlinie blockiert - Avast - ....durch eine gruppenrichtlinie blockiert...
Archiv
Du betrachtest: Avast - ....durch eine gruppenrichtlinie blockiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.