|
Log-Analyse und Auswertung: Avast - ....durch eine gruppenrichtlinie blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.08.2014, 13:17 | #1 |
| Avast - ....durch eine gruppenrichtlinie blockiert Hallo zusammen, ich habe ein Problem, bei dem ich langsam nicht mehr weiter komme. Beim Versuch Avast zu Starten, erhalte ich folgende Meldung: dieses Programm wurde durch eine gruppenrichtlinie blockiert und lässt sich weder starten noch deinstallieren. Ich habe nun eine vielzahl von Antivirentools durchlaufen lassen, bis auf ein paar Kleinigkeiten hab ich aber nicht wirklich was gefunden. Problem mit der Richtlinie besteht weiterhin, daher nehme ich an, dass noch nicht alles gesäubert ist. Über ein wenig Hilfe würde ich mich freuen. |
12.08.2014, 13:21 | #2 |
/// the machine /// TB-Ausbilder | Avast - ....durch eine gruppenrichtlinie blockiert hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
12.08.2014, 19:30 | #3 |
| Avast - ....durch eine gruppenrichtlinie blockiert Danke für Deine schnelle Antwort. Ich war tagsüber am arbeiten, daher konnte ich es erst jetzt durchführen.
__________________Wie man sieht, habe ich aktuell 2 Virenscanner. Ursprünglich hatte ich den von Avast. Den Kaspersky habe ich erst gestern Abend ganz zum Schluß installiert, aber auch er hat nicht angeschlagen. Hier die Logs: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-08-2014 Ran by Privat (administrator) on PRIVAT-PC on 12-08-2014 18:51:03 Running from C:\Users\Privat\Desktop Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe ( ) C:\Windows\System32\lxctcoms.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe () C:\Program Files\Lexmark 5400 Series\lxctmon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Dropbox, Inc.) C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-176602296-3208371113-2143824810-1001\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) HKU\S-1-5-21-176602296-3208371113-2143824810-1001\...\MountPoints2: {f265ecdc-b592-11e1-9884-806e6f6e6963} - E:\Bin\Assetup.exe Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573D51A2D7E5CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 SearchScopes: HKCU - DefaultScope {166D820D-915D-47D1-A926-5FECE97F48C0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312523&CUI=UN18336296927850970&UM=1 SearchScopes: HKCU - {166D820D-915D-47D1-A926-5FECE97F48C0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312523&CUI=UN18336296927850970&UM=1 SearchScopes: HKCU - {8E10D3CF-AEA7-4A1C-BED2-CC137D173BB6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=0B8502B0-CE1B-4149-986F-AFD5A257B281&apn_sauid=4901D7EE-7161-44F6-822F-452DB2558F9B SearchScopes: HKCU - {F792531D-9E64-4113-AB12-FA02C0C3A494} URL = https://www.google.com/search?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default FF DefaultSearchEngine: DivX Browser Bar DE Customized Web Search FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: DivX Browser Bar DE Customized Web Search FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DivX Browser Bar DE - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1} [2014-08-11] FF Extension: Firefox Old Version Update Hotfix - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-11] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR NewTab: "chrome-extension://nbhipompgkickajjkeoahffanickliji/newtab.html", "chrome-extension://mfeeblhkgkdkklmejjleemakllnficib/newtab.html", "chrome-extension://jgpkoeimeohmklglgekpoffibjmmcjij/newtab.html" CHR Extension: (saovoe onn) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij [2014-06-21] CHR Extension: (Google Docs) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20] CHR Extension: (Google Drive) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20] CHR Extension: (saevee on) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak [2014-06-21] CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20] CHR Extension: (Google-Suche) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-12] CHR Extension: (FeedSquares Supercharge your Google Reader) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi [2014-06-21] CHR Extension: (avast! Online Security) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-20] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-12] CHR Extension: (Virtual Keyboard) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-12] CHR Extension: (saave OaN) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof [2014-06-21] CHR Extension: (Searcch-NewTaab) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij [2014-06-21] CHR Extension: (SearCh-NEWTab) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib [2014-06-21] CHR Extension: (Searcih-NeewTAb) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji [2014-06-21] CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20] CHR Extension: (Google Mail) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20] CHR Extension: (saovoe onn) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14 [2014-06-21] CHR Extension: (saevee on) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14 [2014-06-21] CHR Extension: (saave OaN) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14 [2014-06-21] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-21] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-08-08] (Emsisoft GmbH) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-09] () S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-08] (Emsisoft GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-08-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-08-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-08-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-08-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-08-11] (Kaspersky Lab ZAO) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [121600 2012-12-05] (WinISO.com) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-12 18:51 - 2014-08-12 18:51 - 00019936 _____ () C:\Users\Privat\Desktop\FRST.txt 2014-08-12 18:49 - 2014-08-12 18:51 - 00000000 ____D () C:\FRST 2014-08-12 18:40 - 2014-08-12 18:40 - 01091584 _____ (Farbar) C:\Users\Privat\Desktop\FRST.exe 2014-08-11 23:41 - 2014-08-12 18:33 - 00002236 _____ () C:\Users\Privat\Desktop\Sicherer Zahlungsverkehr.lnk 2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-08-11 23:36 - 2014-08-11 23:35 - 00001054 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-08-11 23:34 - 2014-08-11 23:56 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-08-11 23:34 - 2014-08-11 23:56 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-08-11 23:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-08-11 23:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-08-11 22:53 - 2014-08-12 18:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-08-11 22:53 - 2014-08-11 23:34 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-08-11 22:53 - 2014-08-11 22:53 - 00001007 _____ () C:\Users\Privat\Desktop\Kaspersky Security Scan.lnk 2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe 2014-08-11 22:15 - 2014-08-11 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-11 22:15 - 2014-08-11 22:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-08-11 22:12 - 2014-08-11 22:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe 2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe 2014-08-09 01:08 - 2014-08-11 21:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-09 01:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 01:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-09 00:37 - 2014-08-09 00:37 - 00004196 _____ () C:\Users\Privat\Desktop\hijackthis.log 2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe 2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-08-08 23:53 - 2014-08-09 00:43 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg 2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log 2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk 2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK 2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine 2014-08-08 22:27 - 2014-08-08 22:36 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe 2014-08-08 22:05 - 2014-08-08 22:06 - 00000000 ____D () C:\Program Files\stinger 2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe 2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia 2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini 2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer 2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe 2014-07-30 12:22 - 2014-08-01 09:13 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-12 18:51 - 2014-08-12 18:51 - 00019936 _____ () C:\Users\Privat\Desktop\FRST.txt 2014-08-12 18:51 - 2014-08-12 18:49 - 00000000 ____D () C:\FRST 2014-08-12 18:49 - 2014-08-11 22:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-08-12 18:40 - 2014-08-12 18:40 - 01091584 _____ (Farbar) C:\Users\Privat\Desktop\FRST.exe 2014-08-12 18:39 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-12 18:39 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-12 18:37 - 2013-05-27 09:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-12 18:35 - 2012-06-13 22:11 - 01512877 _____ () C:\Windows\WindowsUpdate.log 2014-08-12 18:33 - 2014-08-11 23:41 - 00002236 _____ () C:\Users\Privat\Desktop\Sicherer Zahlungsverkehr.lnk 2014-08-12 18:32 - 2014-04-14 22:54 - 00000000 ___RD () C:\Users\Privat\Dropbox 2014-08-12 18:32 - 2014-04-14 22:50 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Dropbox 2014-08-12 18:32 - 2013-05-05 22:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-12 18:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-12 18:32 - 2009-07-14 06:39 - 00123385 _____ () C:\Windows\setupact.log 2014-08-12 18:31 - 2012-12-29 18:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-08-11 23:56 - 2014-08-11 23:34 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-08-11 23:56 - 2014-08-11 23:34 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-08-11 23:56 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-08-11 23:56 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-08-11 23:56 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-08-11 23:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-11 23:39 - 2012-12-29 19:29 - 00114434 _____ () C:\Windows\PFRO.log 2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-08-11 23:35 - 2014-08-11 23:36 - 00001054 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-08-11 23:34 - 2014-08-11 22:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-08-11 23:34 - 2012-06-13 22:14 - 01522236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-11 23:33 - 2012-12-29 19:18 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-08-11 23:22 - 2013-05-05 22:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-11 22:57 - 2014-03-07 21:07 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-11 22:57 - 2014-03-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-11 22:57 - 2012-12-29 21:17 - 00000000 ____D () C:\ProgramData\Skype 2014-08-11 22:53 - 2014-08-11 22:53 - 00001007 _____ () C:\Users\Privat\Desktop\Kaspersky Security Scan.lnk 2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe 2014-08-11 22:43 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-11 22:18 - 2014-08-11 22:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-11 22:14 - 2014-08-11 22:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe 2014-08-11 22:03 - 2013-11-29 19:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-11 21:59 - 2013-11-29 19:47 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-11 21:55 - 2014-06-14 19:09 - 00000000 ____D () C:\ProgramData\TEMP 2014-08-11 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-08-11 21:43 - 2014-06-21 21:04 - 00000000 ____D () C:\ProgramData\AppSnow 2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe 2014-08-11 21:07 - 2014-08-09 01:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-11 12:49 - 2012-12-29 21:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\GG 2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-09 01:02 - 2014-01-15 11:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-09 01:02 - 2013-11-29 19:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-09 00:43 - 2014-08-08 23:53 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg 2014-08-09 00:37 - 2014-08-09 00:37 - 00004196 _____ () C:\Users\Privat\Desktop\hijackthis.log 2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe 2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log 2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk 2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK 2014-08-08 22:37 - 2012-06-13 22:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-08 22:37 - 2012-06-13 22:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-08 22:36 - 2014-08-08 22:27 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe 2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine 2014-08-08 22:07 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5 2014-08-08 22:06 - 2014-08-08 22:05 - 00000000 ____D () C:\Program Files\stinger 2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe 2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia 2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini 2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer 2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe 2014-08-08 21:24 - 2014-04-14 22:54 - 00001021 _____ () C:\Users\Privat\Desktop\Dropbox.lnk 2014-08-08 21:24 - 2014-04-14 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-01 09:13 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp 2014-08-01 09:09 - 2013-03-13 15:21 - 00000000 ____D () C:\Users\Privat\Documents\Briefe Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\Driver_Pro.exe C:\Users\Administrator\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Administrator\AppData\Local\Temp\nsb2A7C.exe C:\Users\Administrator\AppData\Local\Temp\optprosetup.exe C:\Users\Administrator\AppData\Local\Temp\sSetup-se.exe C:\Users\Krystina\AppData\Local\Temp\GLFA181.tmp.ConduitEngineSetup.exe C:\Users\Krystina\AppData\Local\Temp\Myashampoo.exe C:\Users\Krystina\AppData\Local\Temp\SecondStepInstaller.exe C:\Users\Privat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplloobz.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 11:21 ==================== End Of Log ============================ --- --- --- [/CODE] Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-08-2014 Ran by Privat at 2014-08-12 18:51:50 Running from C:\Users\Privat\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) GG (HKCU\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab) Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version: - Lexmark International, Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.) SkypEmoticons (HKLM\...\SkypEmoticons_is1) (Version: - ) <==== ATTENTION Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WinISO (HKLM\...\WinISO) (Version: 6.3.0.4722 - WinISO Computing Inc.) WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - ) WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 29-05-2014 13:10:03 Geplanter Prüfpunkt 29-05-2014 15:06:18 Windows Update 29-05-2014 15:10:06 Windows Update 21-06-2014 19:43:17 Geplanter Prüfpunkt 28-07-2014 08:07:23 Geplanter Prüfpunkt 07-08-2014 09:28:41 Geplanter Prüfpunkt 08-08-2014 23:01:10 avast! antivirus system restore point 11-08-2014 19:58:16 avast! antivirus system restore point 11-08-2014 21:33:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10141FFD-1F64-45A2-9AB0-518C5DDE0ABF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {22D86BC8-EA60-4BCD-97D7-94439E6FF99B} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe Task: {41CCEEF2-8660-4EAE-8A60-8075C4508786} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08] (Adobe Systems Incorporated) Task: {850C1976-76C0-4E93-82EA-9729695A0D05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {AE0A3BD8-C696-45E4-98F5-9B640140218A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {BF2A583E-0C1A-4772-8BDC-128DE97A2365} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {D6936D74-F0D2-4B87-A6BF-E193BCD06580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software) Task: {F092003B-4433-4CD5-A310-FD79C5A5CC6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-09 01:01 - 2014-08-09 01:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-11 20:59 - 2014-08-11 20:59 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081101\algo.dll 2014-08-12 18:32 - 2014-08-12 18:32 - 02786304 _____ () C:\Program Files\AVAST Software\Avast\defs\14081200\algo.dll 2013-01-05 17:28 - 2006-10-18 07:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll 2013-01-05 17:28 - 2006-10-18 06:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll 2013-01-05 17:28 - 2006-10-18 07:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll 2013-01-05 17:28 - 2006-11-13 05:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-08-11 22:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-11 22:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-11 22:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-11 22:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-11 22:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\Windows\system32\lxctdrs.dll 2006-08-14 18:17 - 2006-08-14 18:17 - 00065536 _____ () C:\Windows\system32\lxctcaps.dll 2006-05-03 15:31 - 2006-05-03 15:31 - 00061440 _____ () C:\Windows\system32\lxctcnv4.dll 2013-01-05 17:28 - 2006-11-22 11:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe 2013-01-05 17:28 - 2006-08-08 16:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll 2013-01-05 17:28 - 2006-06-09 03:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll 2013-01-05 17:28 - 2006-05-25 17:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll 2014-08-12 18:32 - 2014-08-12 18:32 - 00043008 _____ () c:\users\privat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplloobz.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Privat\AppData\Roaming\Dropbox\bin\libcef.dll 2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: fixghesj => regsvr32.exe "C:\ProgramData\fixghesj.dat" MSCONFIG\startupreg: GG => "C:\Users\Privat\AppData\Local\GG\Application\gghub.exe" MSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: se => "C:\Users\Administrator\AppData\Roaming\SkypEmoticons\SE.exe" /minimized MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: THGuard => "C:\Program Files\TrojanHunter 5.5\THGuard.exe" MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe /boot MSCONFIG\startupreg: UhokrUbwuy => regsvr32.exe "C:\ProgramData\UhokrUbwuy.dat" MSCONFIG\startupreg: xhcmah => regsvr32.exe "C:\ProgramData\xhcmah.dat" MSCONFIG\startupreg: xndcavzi => regsvr32.exe "C:\ProgramData\xndcavzi.dat" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/12/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1 Name des fehlerhaften Moduls: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1 Ausnahmecode: 0x40000015 Fehleroffset: 0x0029bc69 ID des fehlerhaften Prozesses: 0x8c0 Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0 Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1 Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2 Berichtskennung: TeamViewer_Service.exe3 Error: (08/11/2014 10:57:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 10:18:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 10:17:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 10:16:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 10:16:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 10:16:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 10:01:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/11/2014 09:58:13 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {ea16d743-312e-4c0c-9ce8-310ccc4862b5} Error: (08/11/2014 09:52:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1 Name des fehlerhaften Moduls: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1 Ausnahmecode: 0x40000015 Fehleroffset: 0x0029bc69 ID des fehlerhaften Prozesses: 0x158 Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0 Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1 Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2 Berichtskennung: TeamViewer_Service.exe3 System errors: ============= Error: (08/12/2014 06:34:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/11/2014 11:57:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (08/11/2014 11:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/11/2014 10:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/11/2014 10:16:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (08/11/2014 10:03:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/11/2014 09:54:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/11/2014 09:51:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (08/11/2014 09:01:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/11/2014 09:41:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (08/12/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TeamViewer_Service.exe9.0.29947.053b3dcf1TeamViewer_Service.exe9.0.29947.053b3dcf1400000150029bc698c001cfb64afcc93965c:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exec:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe3f1de281-223e-11e4-956d-386077e3971b Error: (08/11/2014 10:57:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 10:18:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 10:17:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 10:16:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 10:16:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 10:16:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 10:01:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (08/11/2014 09:58:13 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {ea16d743-312e-4c0c-9ce8-310ccc4862b5} Error: (08/11/2014 09:52:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TeamViewer_Service.exe9.0.29947.053b3dcf1TeamViewer_Service.exe9.0.29947.053b3dcf1400000150029bc6915801cfb59dc47a4e0bc:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exec:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe0a9f8594-2191-11e4-8584-386077e3971b ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 3549.12 MB Available physical RAM: 2291.5 MB Total Pagefile: 7096.51 MB Available Pagefile: 5473.57 MB Total Virtual: 2047.88 MB Available Virtual: 1877.4 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.9 GB) (Free:111.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive g: (Bilder & Filme) (Fixed) (Total:100 GB) (Free:81.41 GB) NTFS Drive h: (Volume) (Fixed) (Total:166.02 GB) (Free:46.8 GB) NTFS Drive i: (Volume) (Fixed) (Total:199.74 GB) (Free:49.7 GB) NTFS Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 95B995B9) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=150 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: 11C911C9) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=166 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
12.08.2014, 19:32 | #4 |
/// the machine /// TB-Ausbilder | Avast - ....durch eine gruppenrichtlinie blockiert Adware & Co. deinstallieren
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.08.2014, 21:17 | #5 |
| Avast - ....durch eine gruppenrichtlinie blockiert hier die Logs: Avast funktioniert nun wieder. Darf ich fragen, was da passiert ist? War es denn noch ein Virus? Danke schon mal! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-08-2014 Ran by Privat at 2014-08-12 21:33:39 Run:1 Running from C:\Users\Privat\Desktop\Neuer Ordner Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION ***************** HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. ==== End of Fixlog ==== Code:
ATTFilter ComboFix 14-08-12.01 - Privat 12.08.2014 21:46:17.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.3549.2243 [GMT 2:00] ausgeführt von:: c:\users\Privat\Downloads\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\16vlrfgj@uioiaea.com\install.rdf c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\jthqu.auai@uyiuryqh.org\install.rdf c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ldtzskwos@jybta-.net\install.rdf c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\ostjla_uiee@s-gfu.net\install.rdf c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\staged\uegkbw8h2yq@eoiyioe.com\install.rdf c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wnym@lhrtq.co.uk\install.rdf c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\bootstrap.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\chrome.manifest c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\content\bg.js c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\extensions\wtd8.jsl@iuauu-aw.co.uk\install.rdf c:\users\Administrator\AppData\Roaming\regsvr32.exe_log.txt c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js |
12.08.2014, 21:19 | #6 |
| Avast - ....durch eine gruppenrichtlinie blockiertCode:
ATTFilter c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Krystina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Krystina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Krystina\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Krystina\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Privat\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Privat\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Privat\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html c:\users\Privat\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\bHUBWP1N5ec.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\aeihaoaoecgdpfagfhiiohpoaefjmpij\2.14\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\eZipl.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\bgdpklooffbcffgaedjkaekakfkpgmak\2.14\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\106\WR_hWjMJZS1F.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\FODjWwB0Q.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jdgjflcgdmknjlhoniocohididcnodof\2.14\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\newtab.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\jgpkoeimeohmklglgekpoffibjmmcjij\2.1\wTyaYaDvtkj.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\H6w7ndI6DANL.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\mfeeblhkgkdkklmejjleemakllnficib\2.1\newtab.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\background.html c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\content.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\DklbnPEj.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\lsdb.js c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\manifest.json c:\users\Privat\AppData\Local\Torch\User Data\Default\Extensions\nbhipompgkickajjkeoahffanickliji\2.1\newtab.html . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_WINISOCDBUS -------\Service_WinisoCDBus . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-12 bis 2014-08-12 )))))))))))))))))))))))))))))) . . 2014-08-12 19:57 . 2014-08-12 20:00 -------- d-----w- c:\users\Privat\AppData\Local\temp 2014-08-12 19:57 . 2014-08-12 19:57 -------- d-----w- c:\users\Krystina\AppData\Local\temp 2014-08-12 19:25 . 2014-08-12 19:25 -------- d-----w- c:\program files\VS Revo Group 2014-08-12 19:22 . 2014-08-12 19:22 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll 2014-08-12 19:22 . 2014-08-12 19:22 1022576 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll 2014-08-12 19:22 . 2014-08-12 19:22 822384 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll 2014-08-12 16:49 . 2014-08-12 19:33 -------- d-----w- C:\FRST 2014-08-11 21:35 . 2014-08-11 21:35 -------- d-----w- c:\windows\ELAMBKUP 2014-08-11 21:34 . 2014-08-11 21:56 94304 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-08-11 21:33 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2014-08-11 21:33 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2014-08-11 21:33 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2014-08-11 21:33 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2014-08-11 21:33 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2014-08-11 20:53 . 2014-08-12 19:59 -------- d-----w- c:\programdata\Kaspersky Lab 2014-08-11 20:53 . 2014-08-11 21:34 -------- d-----w- c:\program files\Kaspersky Lab 2014-08-11 20:15 . 2013-09-20 08:49 18968 ----a-w- c:\windows\system32\sdnclean.exe 2014-08-11 20:15 . 2014-08-11 20:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-08-11 20:15 . 2014-08-11 20:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2014-08-11 19:55 . 2014-08-11 19:55 -------- d-----w- c:\programdata\Logs 2014-08-08 23:08 . 2014-08-11 19:07 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-08 23:08 . 2014-08-08 23:08 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2014-08-08 23:08 . 2014-08-08 23:08 -------- d-----w- c:\programdata\Malwarebytes 2014-08-08 23:08 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-08 23:08 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-08 23:08 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-08 23:02 . 2014-08-08 23:02 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-08-08 23:02 . 2014-08-08 23:02 43152 ----a-w- c:\windows\avastSS.scr 2014-08-08 20:45 . 2014-08-08 20:45 -------- d-----w- C:\EEK 2014-08-08 20:30 . 2014-08-08 20:30 -------- d-----w- C:\Quarantine 2014-08-08 20:05 . 2014-08-08 20:06 -------- d-----w- c:\program files\stinger 2014-08-08 20:01 . 2014-08-08 20:01 -------- d-----w- c:\users\Privat\AppData\Local\Macromedia 2014-08-08 19:49 . 2014-08-08 19:49 -------- d-----w- c:\users\Privat\AppData\Roaming\TeamViewer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-11 21:56 . 2013-10-17 13:47 25184 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2014-08-11 21:56 . 2013-10-17 13:47 135776 ----a-w- c:\windows\system32\drivers\kl1.sys 2014-08-11 21:56 . 2013-06-06 15:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys 2014-08-11 20:03 . 2013-11-29 17:46 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-08-08 23:02 . 2014-01-15 09:54 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-08-08 23:02 . 2013-11-29 17:46 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-08-08 23:02 . 2013-11-29 17:46 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-08-08 23:02 . 2013-11-29 17:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-08-08 23:02 . 2013-11-29 17:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-08-08 23:02 . 2013-11-29 17:46 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-08-08 23:02 . 2013-11-29 17:46 276432 ----a-w- c:\windows\system32\aswBoot.exe 2014-08-08 20:37 . 2012-06-13 20:27 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-08-08 20:37 . 2012-06-13 20:27 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-05-29 15:12 . 2014-05-29 15:12 86528 ----a-w- c:\windows\system32\iesysprep.dll 2014-05-29 15:12 . 2014-05-29 15:12 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-05-29 15:12 . 2014-05-29 15:12 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-05-29 15:12 . 2014-05-29 15:12 74752 ----a-w- c:\windows\system32\iesetup.dll 2014-05-29 15:12 . 2014-05-29 15:12 63488 ----a-w- c:\windows\system32\tdc.ocx 2014-05-29 15:12 . 2014-05-29 15:12 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-05-29 15:12 . 2014-05-29 15:12 421376 ----a-w- c:\windows\system32\vbscript.dll 2014-05-29 15:12 . 2014-05-29 15:12 367104 ----a-w- c:\windows\system32\html.iec 2014-05-29 15:12 . 2014-05-29 15:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-29 15:12 . 2014-05-29 15:12 23552 ----a-w- c:\windows\system32\licmgr10.dll 2014-05-29 15:12 . 2014-05-29 15:12 1806848 ----a-w- c:\windows\system32\jscript9.dll 2014-05-29 15:12 . 2014-05-29 15:12 161792 ----a-w- c:\windows\system32\msls31.dll 2014-05-29 15:12 . 2014-05-29 15:12 152064 ----a-w- c:\windows\system32\wextract.exe 2014-05-29 15:12 . 2014-05-29 15:12 150528 ----a-w- c:\windows\system32\iexpress.exe 2014-05-29 15:12 . 2014-05-29 15:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2014-05-29 15:12 . 2014-05-29 15:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2014-05-29 15:12 . 2014-05-29 15:12 11776 ----a-w- c:\windows\system32\mshta.exe 2014-05-29 15:12 . 2014-05-29 15:12 1129472 ----a-w- c:\windows\system32\wininet.dll 2014-05-29 15:12 . 2014-05-29 15:12 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-05-29 15:12 . 2014-05-29 15:12 101888 ----a-w- c:\windows\system32\admparse.dll 2014-05-29 15:12 . 2014-05-29 15:12 35840 ----a-w- c:\windows\system32\imgutil.dll 2014-05-29 15:11 . 2014-05-29 15:11 801792 ----a-w- c:\windows\system32\FntCache.dll 2014-05-29 15:11 . 2014-05-29 15:11 739840 ----a-w- c:\windows\system32\d2d1.dll 2014-05-29 15:11 . 2014-05-29 15:11 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2014-05-29 15:11 . 2014-05-29 15:11 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2014-05-29 15:11 . 2014-05-29 15:11 3181568 ----a-w- c:\windows\system32\mf.dll 2014-05-29 15:11 . 2014-05-29 15:11 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2014-05-29 15:11 . 2014-05-29 15:11 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2014-05-29 15:11 . 2014-05-29 15:11 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2014-05-29 15:11 . 2014-05-29 15:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll 2014-05-29 15:11 . 2014-05-29 15:11 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2014-05-29 15:11 . 2014-05-29 15:11 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2014-05-29 15:11 . 2014-05-29 15:11 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll 2014-05-29 15:11 . 2014-05-29 15:11 135168 ----a-w- c:\windows\system32\XpsRasterService.dll 2014-05-29 15:11 . 2014-05-29 15:11 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2014-05-29 15:11 . 2014-05-29 15:11 107520 ----a-w- c:\windows\system32\cdd.dll 2014-05-29 15:11 . 2014-05-29 15:11 1074176 ----a-w- c:\windows\system32\DWrite.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-08-08 23:01 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2014-06-15 202080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760] "Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048] "EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-11 4085896] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576] . c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer] 2013-09-11 03:09 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2013-08-29 00:23 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GG] 2014-06-02 16:07 4023360 ----a-w- c:\users\Privat\AppData\Local\GG\Application\gghub.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS] 2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL] 2011-06-28 08:37 10127976 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2014-05-08 07:51 21444224 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-06-15 202080] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2014-08-07 50200] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696] R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-08-11 94304] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax86.sys [2014-08-07 22056] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-08 779536] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-11 414520] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2013-10-17 25696] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-08-11 144992] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-08 24184] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-08 67824] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-08 71944] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-08-11 25184] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-17 25696] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-14 17:23 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 20:37] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = about:blank IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Zu Anti-Banner hinzufügen - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\ FF - prefs.js: browser.search.selectedEngine - DivX Browser Bar DE Customized Web Search FF - prefs.js: keyword.URL - hxxp://trovi.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-SDWinLogon - SDWinLogon.dll SafeBoot-CleanHlp SafeBoot-CleanHlp.sys MSConfigStartUp-fixghesj - c:\programdata\fixghesj.dat MSConfigStartUp-se - c:\users\Administrator\AppData\Roaming\SkypEmoticons\SE.exe MSConfigStartUp-THGuard - c:\program files\TrojanHunter 5.5\THGuard.exe MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe MSConfigStartUp-UhokrUbwuy - c:\programdata\UhokrUbwuy.dat MSConfigStartUp-xhcmah - c:\programdata\xhcmah.dat MSConfigStartUp-xndcavzi - c:\programdata\xndcavzi.dat AddRemove-{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1 - c:\program files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins001.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe c:\windows\system32\lxctcoms.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\taskhost.exe c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\unsecapp.exe c:\users\Privat\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe c:\users\Privat\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe c:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Desktop.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-08-12 22:07:21 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-08-12 20:07 . Vor Suchlauf: 14 Verzeichnis(se), 119.830.609.920 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 120.202.952.704 Bytes frei . - - End Of File - - 9DCD4842D60601F66DA8C5999FAEA7BB A36C5E4F47E84449FF07ED3517B43A31 |
13.08.2014, 19:29 | #7 |
/// the machine /// TB-Ausbilder | Avast - ....durch eine gruppenrichtlinie blockiert Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
13.08.2014, 22:07 | #8 |
| Avast - ....durch eine gruppenrichtlinie blockiert so bitte schon: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.08.2014 Suchlauf-Zeit: 21:17:53 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.13.06 Rootkit Datenbank: v2014.08.04.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: Privat Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 384973 Verstrichene Zeit: 10 Min, 54 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.ValueApps.A, HKU\S-1-5-21-176602296-3208371113-2143824810-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, In Quarantäne, [ad6d378f6c0f340234938980c1428f71], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 2 PUP.Optional.ValueApps.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\valueApps, In Quarantäne, [c05aab1b3f3c8caadcb4c6f5e41e4ab6], PUP.Optional.ValueApps.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\valueApps\CT3297265, In Quarantäne, [c05aab1b3f3c8caadcb4c6f5e41e4ab6], Dateien: 4 PUP.Optional.Multiplug, C:\ProgramData\saevee on\oLUa.exe, In Quarantäne, [59c1f1d5b5c62412201a7128d52cc13f], PUP.Optional.Multiplug, C:\ProgramData\Searcih-NeewTAb\MY_wzza.exe, In Quarantäne, [071365616219b97d06348a0ff50cc937], PUP.Optional.Trovi.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=");), Ersetzt,[52c8fbcbf2890c2adf1d2ad410f40af6] PUP.Optional.Conduit.A, C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3297265.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3297265&octid=CT3297265&ISID=ISID_ID&SearchSource=15&CUI=UN57436081810220232&Lay=1&UM=2\"}");), Ersetzt,[0515b0169edd37ff31acac53d034ab55] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.304 - Report created 13/08/2014 at 22:24:33 # Updated 08/08/2014 by Xplode # Operating System : Windows 7 Ultimate (32 bits) # Username : Privat - PRIVAT-PC # Running from : C:\Users\Privat\Downloads\adwcleaner_3.304.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\SearchProtect Folder Deleted : C:\Users\Privat\Favorites\AGI Folder Deleted : C:\ProgramData\Adblocker Folder Deleted : C:\ProgramData\saave OaN Folder Deleted : C:\ProgramData\saevee on Folder Deleted : C:\ProgramData\Searcch-NewTaab Folder Deleted : C:\ProgramData\Searcih-NeewTAb Folder Deleted : C:\Program Files\Adblocker Folder Deleted : C:\Program Files\saave OaN Folder Deleted : C:\Program Files\saevee on Folder Deleted : C:\Program Files\Searcch-NewTaab Folder Deleted : C:\Program Files\Searcih-NeewTAb Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Administrator\AppData\Local\torch Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Guest\AppData\Local\torch Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch Folder Deleted : C:\Users\Krystina\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Krystina\AppData\Local\torch Folder Deleted : C:\Users\Krystina\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Privat\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Privat\AppData\Local\torch Folder Deleted : C:\Users\Privat\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Privat\AppData\Roaming\pdfforge Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Smartbar Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\ValueApps Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\CT3297265 Folder Deleted : C:\Users\Krystina\AppData\Roaming\Mozilla\Firefox\Profiles\zzv8q9v5.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1} ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297265 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3312523 Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1] Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar Key Deleted : HKLM\Software\Uniblue ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Mozilla Firefox v31.0 (x86 de) [ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f1tdolai.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch"); Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch"); Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/21&hid=17936351540188775721&lg=EN&cc=DE&l=1&q="); Line Deleted : user_pref("browser.search.order.1", "WebSearch"); Line Deleted : user_pref("browser.search.order.1,S", "WebSearch"); Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch"); Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch"); Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/21&hid=17936351540188775721&lg=EN&cc=DE"); Line Deleted : user_pref("extensions.GU8QvuTGF6_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...] Line Deleted : user_pref("extensions.Gy4AWk8lbSMf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...] Line Deleted : user_pref("extensions.aHkHvU0cSjE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...] Line Deleted : user_pref("extensions.cdCZq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...] Line Deleted : user_pref("extensions.mIgwfxBE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...] Line Deleted : user_pref("extensions.rdmekPSun.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...] Line Deleted : user_pref("keyword.URL", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/21&hid=17936351540188775721&lg=EN&cc=DE&l=1&q="); [ File : C:\Users\Krystina\AppData\Roaming\Mozilla\Firefox\Profiles\zzv8q9v5.default\prefs.js ] [ File : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\prefs.js ] Line Deleted : user_pref("CT3297265.FF19Solved", "true"); Line Deleted : user_pref("CT3297265.FirstTime", "true"); Line Deleted : user_pref("CT3297265.FirstTimeFF3", "true"); Line Deleted : user_pref("CT3297265.RestartDialogFirstTime", "false"); Line Deleted : user_pref("CT3297265.RestartDialogShouldDisplay", "false"); Line Deleted : user_pref("CT3297265.UserID", "UN57436081810220232"); Line Deleted : user_pref("CT3297265.addressBarTakeOverEnabledInHidden", "true"); Line Deleted : user_pref("CT3297265.autoDisableScopes", -1); Line Deleted : user_pref("CT3297265.browser.search.defaultthis.engineName", "true"); Line Deleted : user_pref("CT3297265.countryCode", "DE"); Line Deleted : user_pref("CT3297265.defaultSearch", "true"); Line Deleted : user_pref("CT3297265.enableAlerts", "true"); Line Deleted : user_pref("CT3297265.enableFix404ByUser", "TRUE"); Line Deleted : user_pref("CT3297265.enableSearchFromAddressBar", "true"); Line Deleted : user_pref("CT3297265.firstTimeDialogOpened", "true"); Line Deleted : user_pref("CT3297265.fixPageNotFoundError", "true"); Line Deleted : user_pref("CT3297265.fixPageNotFoundErrorByUser", "true"); Line Deleted : user_pref("CT3297265.fixPageNotFoundErrorInHidden", "true"); Line Deleted : user_pref("CT3297265.fixUrls", true); Line Deleted : user_pref("CT3297265.fullUserID", "UN57436081810220232.UP.20130917191347"); Line Deleted : user_pref("CT3297265.installDate", "12/5/2013 16:55:51"); Line Deleted : user_pref("CT3297265.installId", "stub.exe"); Line Deleted : user_pref("CT3297265.installSessionId", "{9599E7CC-9D04-4489-BB32-FC4256F0A6BC}"); Line Deleted : user_pref("CT3297265.installSp", "true"); Line Deleted : user_pref("CT3297265.installType", "conduitnsisintegration"); Line Deleted : user_pref("CT3297265.installUsage", "2013-05-12T18:47:57.0452567+03:00"); Line Deleted : user_pref("CT3297265.installUsageEarly", "2013-05-12T18:47:56.4828251+03:00"); Line Deleted : user_pref("CT3297265.installerVersion", "1.4.2.3"); Line Deleted : user_pref("CT3297265.isCheckedStartAsHidden", true); Line Deleted : user_pref("CT3297265.isFirstTimeToolbarLoading", "false"); Line Deleted : user_pref("CT3297265.keyword", true); Line Deleted : user_pref("CT3297265.lastVersion", "10.33.0.505"); Line Deleted : user_pref("CT3297265.mam_gk_installer_preapproved.enc", "dHJ1ZQ=="); Line Deleted : user_pref("CT3297265.migrateAppsAndComponents", true); Line Deleted : user_pref("CT3297265.missingMachineIdSent", "true"); Line Deleted : user_pref("CT3297265.openThankYouPage", "false"); Line Deleted : user_pref("CT3297265.openUninstallPage", "true"); Line Deleted : user_pref("CT3297265.originalHomepage", "hxxp://www.google.de/"); Line Deleted : user_pref("CT3297265.originalSearchAddressUrl", ""); Line Deleted : user_pref("CT3297265.originalSearchEngine", "Ask.com"); Line Deleted : user_pref("CT3297265.performedDomainChangesMigration", "true"); Line Deleted : user_pref("CT3297265.revertSettingsEnabled", "false"); Line Deleted : user_pref("CT3297265.search.searchAppId", "130102701223206401"); Line Deleted : user_pref("CT3297265.search.searchCount", "2"); Line Deleted : user_pref("CT3297265.searchFromAddressBarEnabledByUser", "true"); Line Deleted : user_pref("CT3297265.searchInNewTabEnabledByUser", "true"); Line Deleted : user_pref("CT3297265.searchInNewTabEnabledInHidden", "true"); Line Deleted : user_pref("CT3297265.searchRevert", "false"); Line Deleted : user_pref("CT3297265.searchSuggestEnabledByUser", "true"); Line Deleted : user_pref("CT3297265.searchUserMode", "2"); Line Deleted : user_pref("CT3297265.serviceLayer_services_Configuration_lastUpdate", "1407960114351"); Line Deleted : user_pref("CT3297265.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1407527441852"); Line Deleted : user_pref("CT3297265.serviceLayer_services_appsMetadata_lastUpdate", "1407960113750"); Line Deleted : user_pref("CT3297265.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1407527441568"); Line Deleted : user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368373696609"); Line Deleted : user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368373697247"); Line Deleted : user_pref("CT3297265.serviceLayer_services_location_lastUpdate", "1378234817502"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.16.2.6_lastUpdate", "1378234817407"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.19.2.505_lastUpdate", "1379666522457"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380914120980"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.20.1.508_lastUpdate", "1389127912284"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.23.0.822_lastUpdate", "1397420866844"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.29.0.520_lastUpdate", "1401375991569"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.31.2.501_lastUpdate", "1407527441707"); Line Deleted : user_pref("CT3297265.serviceLayer_services_login_10.33.0.505_lastUpdate", "1407960113932"); Line Deleted : user_pref("CT3297265.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1407527441680"); Line Deleted : user_pref("CT3297265.serviceLayer_services_searchAPI_lastUpdate", "1407960114199"); Line Deleted : user_pref("CT3297265.serviceLayer_services_serviceMap_lastUpdate", "1407960113757"); Line Deleted : user_pref("CT3297265.serviceLayer_services_toolbarContextMenu_lastUpdate", "1407960113789"); Line Deleted : user_pref("CT3297265.serviceLayer_services_toolbarSettings_lastUpdate", "1407960113631"); Line Deleted : user_pref("CT3297265.serviceLayer_services_translation_lastUpdate", "1407960113773"); Line Deleted : user_pref("CT3297265.settingsINI", true); Line Deleted : user_pref("CT3297265.shouldFirstTimeDialog", "false"); Line Deleted : user_pref("CT3297265.showToolbarPermission", "false"); Line Deleted : user_pref("CT3297265.smartbar.CTID", "CT3297265"); Line Deleted : user_pref("CT3297265.smartbar.Uninstall", "0"); Line Deleted : user_pref("CT3297265.smartbar.homepage", "true"); Line Deleted : user_pref("CT3297265.smartbar.toolbarName", "DivX Browser Bar DE "); Line Deleted : user_pref("CT3297265.startPage", "true"); Line Deleted : user_pref("CT3297265.toolbarBornServerTime", "12-5-2013"); Line Deleted : user_pref("CT3297265.toolbarCurrentServerTime", "13-8-2014"); Line Deleted : user_pref("CT3297265.toolbarLoginClientTime", "Sun May 12 2013 17:48:17 GMT+0200"); Line Deleted : user_pref("CT3297265.versionFromInstaller", "10.16.2.6"); Line Deleted : user_pref("Smartbar.ConduitHomepagesList", ""); Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", ""); Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", ""); Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Line Deleted : user_pref("Smartbar.TBHomepagesList", ""); Line Deleted : user_pref("Smartbar.TBSearchEngineList", ""); Line Deleted : user_pref("Smartbar.TBSearchUrlList", ""); Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3297265"); Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2); Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3297265"); Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN57436081810220232&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource[...] Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...] Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3297265"); Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3297265"); Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN57436081810220232&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource=61&CUI[...] Line Deleted : user_pref("smartbar.machineId", "R0ZPUMOHE87SUZOIXGRTSRSCBYVFCA83MQZSGDK2ADPFGWYAGCI3F6WGMOA/RPQJ8K0G2KTKNI7FBVSWBGCLAG"); Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN57436081810220232&UM=2&SearchSource=13"); Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN57436081810220232&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...] Line Deleted : user_pref("valueApps.CT3297265.mam_gk_currentVersion", "312E31332E302E3137"); Line Deleted : user_pref("valueApps.CT3297265.mam_gk_currentVersion.storedInFile", false); Line Deleted : user_pref("valueApps.CT3297265.mam_gk_migrated_from_ls", "31"); Line Deleted : user_pref("valueApps.CT3297265.mam_gk_migrated_from_ls.storedInFile", false); Line Deleted : user_pref("valueApps.CT3297265.mam_gk_userBornDate", "4E2F41"); Line Deleted : user_pref("valueApps.CT3297265.mam_gk_userBornDate.storedInFile", false); -\\ Google Chrome v35.0.1916.153 ************************* AdwCleaner[R0].txt - [15606 octets] - [13/08/2014 22:04:48] AdwCleaner[S0].txt - [15790 octets] - [13/08/2014 22:24:33] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15851 octets] ########## [/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Ultimate x86 Ran by Privat on 13.08.2014 at 22:34:43,83 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{166D820D-915D-47D1-A926-5FECE97F48C0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E10D3CF-AEA7-4A1C-BED2-CC137D173BB6} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Privat\appdata\locallow\boost_interprocess" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.08.2014 at 22:43:54,44 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Privat (administrator) on PRIVAT-PC on 13-08-2014 22:50:00 Running from C:\Users\Privat\Desktop\Neuer Ordner Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe ( ) C:\Windows\System32\lxctcoms.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE () C:\Program Files\Lexmark 5400 Series\lxctmon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Service.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573D51A2D7E5CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {F792531D-9E64-4113-AB12-FA02C0C3A494} URL = https://www.google.com/search?q={searchTerms} BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: https://www.google.com/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-11] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20] CHR Extension: (Google Drive) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20] CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20] CHR Extension: (Google Search) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-12] CHR Extension: (avast! Online Security) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-20] CHR Extension: (Safe Money) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-12] CHR Extension: (Virtual Keyboard) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-12] CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20] CHR Extension: (Gmail) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-20] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( ) S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 TeamViewer9; c:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe [4661056 2014-07-02] (TeamViewer GmbH) S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-08-08] (Emsisoft GmbH) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-09] () S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-08] (Emsisoft GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-08-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-08-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-08-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-08-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-08-11] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () S3 catchme; \??\C:\Users\Privat\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT 2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe 2014-08-13 22:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-13 22:04 - 2014-08-13 22:24 - 00000000 ____D () C:\AdwCleaner 2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk 2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-08-12 23:11 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDF Architect 2 2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDFCreator 2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-08-12 23:09 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-08-12 23:09 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL 2014-08-12 23:09 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL 2014-08-12 23:09 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL 2014-08-12 23:09 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL 2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-12 21:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-12 21:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-12 21:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-12 21:38 - 2014-08-12 22:07 - 00000000 ____D () C:\Qoobox 2014-08-12 21:37 - 2014-08-12 22:02 - 00000000 ____D () C:\Windows\erdnt 2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe 2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe 2014-08-12 21:21 - 2014-08-13 22:50 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner 2014-08-12 18:49 - 2014-08-13 22:50 - 00000000 ____D () C:\FRST 2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-08-11 23:34 - 2014-08-11 23:56 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-08-11 23:34 - 2014-08-11 23:56 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-08-11 23:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-08-11 23:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-08-11 22:53 - 2014-08-13 22:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-08-11 22:53 - 2014-08-11 23:34 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe 2014-08-11 22:15 - 2014-08-11 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-11 22:15 - 2014-08-11 22:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-08-11 22:12 - 2014-08-11 22:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe 2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe 2014-08-09 01:08 - 2014-08-13 21:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-09 01:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 01:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe 2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-08-08 23:53 - 2014-08-09 00:43 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg 2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log 2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk 2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK 2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine 2014-08-08 22:27 - 2014-08-08 22:36 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe 2014-08-08 22:05 - 2014-08-08 22:06 - 00000000 ____D () C:\Program Files\stinger 2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe 2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia 2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini 2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer 2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe 2014-07-30 12:22 - 2014-08-01 09:13 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 22:50 - 2014-08-12 21:21 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner 2014-08-13 22:50 - 2014-08-12 18:49 - 00000000 ____D () C:\FRST 2014-08-13 22:37 - 2013-05-27 09:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT 2014-08-13 22:34 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-13 22:34 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe 2014-08-13 22:29 - 2012-06-13 22:11 - 01533212 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 22:26 - 2014-08-11 22:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-08-13 22:26 - 2012-12-29 19:29 - 00116962 _____ () C:\Windows\PFRO.log 2014-08-13 22:26 - 2012-12-29 18:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-08-13 22:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-13 22:26 - 2009-07-14 06:39 - 00123777 _____ () C:\Windows\setupact.log 2014-08-13 22:24 - 2014-08-13 22:04 - 00000000 ____D () C:\AdwCleaner 2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-13 21:58 - 2014-08-09 01:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk 2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-08-12 23:12 - 2014-08-12 23:11 - 00000000 ____D () C:\Program Files\PDF Architect 2 2014-08-12 23:12 - 2014-08-12 23:09 - 00000000 ____D () C:\Program Files\PDFCreator 2014-08-12 23:12 - 2014-04-14 22:54 - 00000000 ___RD () C:\Users\Privat\Dropbox 2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-08-12 22:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-12 22:34 - 2013-07-03 09:36 - 00000000 ____D () C:\Program Files\Java 2014-08-12 22:30 - 2013-11-25 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-08-12 22:30 - 2012-12-29 21:22 - 00000000 ____D () C:\Program Files\DivX 2014-08-12 22:30 - 2012-12-29 21:20 - 00000000 ____D () C:\ProgramData\DivX 2014-08-12 22:07 - 2014-08-12 21:38 - 00000000 ____D () C:\Qoobox 2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-08-12 22:02 - 2014-08-12 21:37 - 00000000 ____D () C:\Windows\erdnt 2014-08-12 22:00 - 2014-04-14 22:50 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Dropbox 2014-08-12 21:59 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-08-12 21:58 - 2009-07-14 04:03 - 37224448 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-12 21:50 - 2014-06-14 19:09 - 00000000 ____D () C:\ProgramData\TEMP 2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe 2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe 2014-08-12 21:22 - 2014-04-20 19:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-11 23:56 - 2014-08-11 23:34 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-08-11 23:56 - 2014-08-11 23:34 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-08-11 23:56 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-08-11 23:56 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-08-11 23:56 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-08-11 23:34 - 2014-08-11 22:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-08-11 23:34 - 2012-06-13 22:14 - 01522236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-11 23:33 - 2012-12-29 19:18 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-08-11 22:57 - 2014-03-07 21:07 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-11 22:57 - 2014-03-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-11 22:57 - 2012-12-29 21:17 - 00000000 ____D () C:\ProgramData\Skype 2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe 2014-08-11 22:43 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-11 22:18 - 2014-08-11 22:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-11 22:14 - 2014-08-11 22:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe 2014-08-11 22:03 - 2013-11-29 19:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-11 21:59 - 2013-11-29 19:47 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-11 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-08-11 21:43 - 2014-06-21 21:04 - 00000000 ____D () C:\ProgramData\AppSnow 2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe 2014-08-11 12:49 - 2012-12-29 21:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\GG 2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-09 01:02 - 2014-01-15 11:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-09 01:02 - 2013-11-29 19:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-09 00:43 - 2014-08-08 23:53 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg 2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe 2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log 2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk 2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK 2014-08-08 22:37 - 2012-06-13 22:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-08 22:37 - 2012-06-13 22:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-08 22:36 - 2014-08-08 22:27 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe 2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine 2014-08-08 22:07 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5 2014-08-08 22:06 - 2014-08-08 22:05 - 00000000 ____D () C:\Program Files\stinger 2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe 2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia 2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini 2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer 2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe 2014-08-08 21:24 - 2014-04-14 22:54 - 00001021 _____ () C:\Users\Privat\Desktop\Dropbox.lnk 2014-08-08 21:24 - 2014-04-14 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-01 09:13 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp 2014-08-01 09:09 - 2013-03-13 15:21 - 00000000 ____D () C:\Users\Privat\Documents\Briefe Some content of TEMP: ==================== C:\Users\Privat\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu6u0dc.dll C:\Users\Privat\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 11:21 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014 Ran by Privat at 2014-08-13 22:50:33 Running from C:\Users\Privat\Desktop\Neuer Ordner Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) GG (HKCU\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab) Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version: - Lexmark International, Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WinISO (HKLM\...\WinISO) (Version: 6.3.0.4722 - WinISO Computing Inc.) WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - ) WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-06-2014 19:43:17 Geplanter Prüfpunkt 28-07-2014 08:07:23 Geplanter Prüfpunkt 07-08-2014 09:28:41 Geplanter Prüfpunkt 08-08-2014 23:01:10 avast! antivirus system restore point 11-08-2014 19:58:16 avast! antivirus system restore point 11-08-2014 21:33:01 Windows Update 12-08-2014 19:29:21 Revo Uninstaller's restore point - SkypEmoticons 12-08-2014 21:11:32 Installed PDF Architect 2 View Module ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-08-12 21:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {22D86BC8-EA60-4BCD-97D7-94439E6FF99B} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe Task: {41CCEEF2-8660-4EAE-8A60-8075C4508786} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08] (Adobe Systems Incorporated) Task: {850C1976-76C0-4E93-82EA-9729695A0D05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {AE0A3BD8-C696-45E4-98F5-9B640140218A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {BF2A583E-0C1A-4772-8BDC-128DE97A2365} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {D6936D74-F0D2-4B87-A6BF-E193BCD06580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-09 01:01 - 2014-08-09 01:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-13 20:59 - 2014-08-13 20:59 - 02797056 _____ () C:\Program Files\AVAST Software\Avast\defs\14081301\algo.dll 2013-01-05 17:28 - 2006-10-18 07:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll 2013-01-05 17:28 - 2006-10-18 06:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll 2013-01-05 17:28 - 2006-10-18 07:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll 2013-01-05 17:28 - 2006-11-13 05:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2013-01-05 17:28 - 2006-11-22 11:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe 2013-01-05 17:28 - 2006-08-08 16:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll 2013-01-05 17:28 - 2006-06-09 03:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll 2013-01-05 17:28 - 2006-05-25 17:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll 2014-08-11 22:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-11 22:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-11 22:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-11 22:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-11 22:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-08-09 01:02 - 2014-08-09 01:02 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\Windows\system32\lxctdrs.dll 2006-08-14 18:17 - 2006-08-14 18:17 - 00065536 _____ () C:\Windows\system32\lxctcaps.dll 2006-05-03 15:31 - 2006-05-03 15:31 - 00061440 _____ () C:\Windows\system32\lxctcnv4.dll 2012-12-29 19:06 - 2004-09-18 09:43 - 00121856 _____ () C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GG => "C:\Users\Privat\AppData\Local\GG\Application\gghub.exe" MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun MSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-12 21:45:23.924 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 21:45:23.924 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 33% Total physical RAM: 3549.12 MB Available physical RAM: 2358.13 MB Total Pagefile: 7096.51 MB Available Pagefile: 5485.34 MB Total Virtual: 2047.88 MB Available Virtual: 1913.32 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.9 GB) (Free:112.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive g: (Bilder & Filme) (Fixed) (Total:100 GB) (Free:81.41 GB) NTFS Drive h: (Volume) (Fixed) (Total:166.02 GB) (Free:46.87 GB) NTFS Drive i: (Volume) (Fixed) (Total:199.74 GB) (Free:49.71 GB) NTFS Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 95B995B9) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=150 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: 11C911C9) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=166 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Viele Grüße Gutealtezeit |
14.08.2014, 13:23 | #9 |
/// the machine /// TB-Ausbilder | Avast - ....durch eine gruppenrichtlinie blockiertESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
15.08.2014, 14:24 | #10 |
| Avast - ....durch eine gruppenrichtlinie blockiert Werde es wohl leider erst morgen schaffen, da ich seit gestern beruflich unterwegs bin. |
16.08.2014, 10:04 | #11 |
/// the machine /// TB-Ausbilder | Avast - ....durch eine gruppenrichtlinie blockiert ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
21.08.2014, 20:52 | #12 |
| Avast - ....durch eine gruppenrichtlinie blockiert Hallo, sorry ich bin jetzt fast 1 Woche nicht da zu gekommen sich um meinen Rechner zu kümmern und hoffe wir können jetzt weiter machen. Anbei die benötigten Logs: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=670fdca411c9b84bb2ba5f8f13507f84 # engine=19772 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-21 07:28:43 # local_time=2014-08-21 09:28:43 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 7228 22905716 0 0 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1292 16777213 100 100 7343 40127345 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 42778454 160280514 0 0 # scanned=177695 # found=36 # cleaned=36 # scan_time=4708 sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1}\ctypes\FirefoxCtype.dll.vir" sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1}\Plugins\npFirefoxPlugin.dll.vir" sh=6E1AF05E8736A01B06784AC8E182E296F6988930 ft=1 fh=955c114d470cbc4c vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\hktbDivX.dll" sh=D48BE97123B04D44CD11E8A5A7A7EB0E49DA3DD0 ft=1 fh=e6d7e987a7677d06 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\ldrtbDivX.dll" sh=BE144F65AA4ADF3D2100746839B6728914F947AE ft=1 fh=c557c62982098975 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\tbDiv1.dll" sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\DivX_Browser_Bar_DE\tbDivX.dll" sh=1B37BEC7610109F594112CFB3D31145270C9B448 ft=1 fh=40977a3eb07e85f1 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\hk64tbMyA0.dll" sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\hktbMyA0.dll" sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\ldrtbMyA0.dll" sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\tbMyA0.dll" sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Krystina\AppData\LocalLow\MyAshampoo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OH2PCQ8U\PDFCreator-1_7_3_setup.exe" sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\PDFCreator-1_7_0_setup.exe" sh=5FC37CF3593B0E1813ED9EF2E4770C879BD14276 ft=1 fh=c7322977c9844bd5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Chris-USB\!Sicherung\agnes\Desktop\Softonic-de3.exe" sh=078379F52A32E34A3CBAC7D6CE2AF06084680E86 ft=1 fh=4e25f64989058ae4 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Chris-USB\!Sicherung\Andreas\Desktop\media.player.codec.pack.v3.9.9.setup.exe" sh=525F6675380B7C73089B5C41F6E831656B948F32 ft=1 fh=92c112b62bbd807e vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Chris-USB\!Sicherung\Andreas\Eigene Dateien\driverupdater.exe" sh=3AFB53DDFC81A47E4335B232481F8D3A7469B1E5 ft=1 fh=73b161e50e1ad296 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\ministub.exe" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\Ashampoo_DE\ldrtbAsha.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\Ashampoo_DE\tbAsha.dll" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\ldrtbDVDV.dll" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVDV.dll" sh=0497DEF079C91A14CC54EBDC7E9025BB245B78C0 ft=1 fh=3602d6868b043d08 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\ldrtbpc_0.dll" sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\ldrtbpc_2.dll" sh=B5A8BD03570AD4B64DA1F3B99889A84DC2E8BF18 ft=1 fh=62cf372c5a341a16 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\tbpc_0.dll" sh=32FE0A33D2A8505018E1F6B5F4DD06468B2A3931 ft=1 fh=1a7ec0b34028967e vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\tbpc_1.dll" sh=A48E9D09D891F94FB40BF74B611E1FB95D1ED6A0 ft=1 fh=d6588fdcf23534bf vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\tbpc_2.dll" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="H:\!Altdaten\Krystina\Lokale Einstellungen\Anwendungsdaten\pc_gear_de\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll" sh=041AC80970175315F820806E4ADC7A209055B969 ft=1 fh=b227b26e3e0b6bfa vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\SoftonicDownloader_fuer_media-player-codec-pack.exe" sh=525F6675380B7C73089B5C41F6E831656B948F32 ft=1 fh=92c112b62bbd807e vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\!EigeneDateien\driverupdater.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\!Arnold-USB\Von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\Lüfter und Bilder-DM8000\Dream.8000-Neu von Arnold\info von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\Lüfter und Bilder-DM8000\Dream.DM-8000 - Bilder\Von Arnold für DM 8000\vlc-1.0.0-win32.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Arnold-Dreambox\Lüfter und Bilder-DM8000\Dream.DM-8000-Info\!Arnold-USB\Von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Bilder\Bilder Draembox\Lüfter und Bilder-DM8000\Dream.8000-Neu von Arnold\info von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Bilder\Bilder Draembox\Lüfter und Bilder-DM8000\Dream.DM-8000 - Bilder\Von Arnold für DM 8000\vlc-1.0.0-win32.exe" sh=67A3DB6815186ED4F07E9B59DDDCE03EEB82EE67 ft=1 fh=ce94d2bbb2c2f0cc vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Bilder\Bilder Draembox\Lüfter und Bilder-DM8000\Dream.DM-8000-Info\!Arnold-USB\Von Arnold-DM 8000\Image\vlc-1.0.0-win32.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 7 Update 65 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader XI Mozilla Firefox (31.0) Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014 Ran by Privat (administrator) on PRIVAT-PC on 21-08-2014 21:45:35 Running from C:\Users\Privat\Desktop\Neuer Ordner Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe ( ) C:\Windows\System32\lxctcoms.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE () C:\Program Files\Lexmark 5400 Series\lxctmon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Users\Privat\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Desktop.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [lxctmon.exe] => C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] () HKLM\...\Run: [Lexmark 5400 Series Fax Server] => C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] () HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-11] (AVAST Software) HKU\S-1-5-21-176602296-3208371113-2143824810-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-08-08] (Adobe Systems Incorporated) Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573D51A2D7E5CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {F792531D-9E64-4113-AB12-FA02C0C3A494} URL = https://www.google.com/search?q={searchTerms} BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\x1ovaugy.default FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: https://www.google.com/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-11] Chrome: ======= CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter} CHR Extension: (Google Docs) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20] CHR Extension: (Google Drive) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20] CHR Extension: (Kaspersky Protection) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-15] CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20] CHR Extension: (Google-Suche) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-12] CHR Extension: (avast! Online Security) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-20] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-12] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-08-15] CHR Extension: (Virtual Keyboard) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-12] CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20] CHR Extension: (Google Mail) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20] CHR Extension: (Anti-Banner) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-08-15] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-15] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( ) S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-08-08] (Emsisoft GmbH) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-09] () S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-08] (Emsisoft GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-08-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-08-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-08-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-08-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-08-11] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () S3 catchme; \??\C:\Users\Privat\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-21 21:38 - 2014-08-21 21:38 - 00854417 _____ () C:\Users\Privat\Downloads\SecurityCheck.exe 2014-08-21 20:01 - 2014-08-21 20:01 - 00000000 ____D () C:\Program Files\ESET 2014-08-21 19:59 - 2014-08-21 19:59 - 02347384 _____ (ESET) C:\Users\Privat\Downloads\esetsmartinstaller_deu.exe 2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT 2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe 2014-08-13 22:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-13 22:04 - 2014-08-13 22:24 - 00000000 ____D () C:\AdwCleaner 2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk 2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-08-12 23:11 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDF Architect 2 2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:12 - 00000000 ____D () C:\Program Files\PDFCreator 2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-08-12 23:09 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-08-12 23:09 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL 2014-08-12 23:09 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL 2014-08-12 23:09 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL 2014-08-12 23:09 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL 2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-12 21:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-12 21:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-12 21:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-12 21:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-12 21:38 - 2014-08-12 22:07 - 00000000 ____D () C:\Qoobox 2014-08-12 21:37 - 2014-08-12 22:02 - 00000000 ____D () C:\Windows\erdnt 2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe 2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe 2014-08-12 21:21 - 2014-08-21 21:45 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner 2014-08-12 18:49 - 2014-08-21 21:45 - 00000000 ____D () C:\FRST 2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-08-11 23:34 - 2014-08-11 23:56 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-08-11 23:34 - 2014-08-11 23:56 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-08-11 23:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-08-11 23:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-08-11 23:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-08-11 22:53 - 2014-08-21 21:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-08-11 22:53 - 2014-08-11 23:34 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe 2014-08-11 22:15 - 2014-08-11 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-11 22:15 - 2014-08-11 22:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-08-11 22:12 - 2014-08-11 22:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe 2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe 2014-08-09 01:08 - 2014-08-13 21:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-09 01:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 01:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe 2014-08-09 00:04 - 2014-08-09 00:08 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-08-08 23:53 - 2014-08-09 00:43 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg 2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log 2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk 2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK 2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine 2014-08-08 22:27 - 2014-08-08 22:36 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe 2014-08-08 22:05 - 2014-08-08 22:06 - 00000000 ____D () C:\Program Files\stinger 2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe 2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia 2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini 2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer 2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe 2014-07-30 12:22 - 2014-08-01 09:13 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-21 21:46 - 2014-08-11 22:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-08-21 21:45 - 2014-08-12 21:21 - 00000000 ____D () C:\Users\Privat\Desktop\Neuer Ordner 2014-08-21 21:45 - 2014-08-12 18:49 - 00000000 ____D () C:\FRST 2014-08-21 21:38 - 2014-08-21 21:38 - 00854417 _____ () C:\Users\Privat\Downloads\SecurityCheck.exe 2014-08-21 21:37 - 2013-05-27 09:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-21 20:01 - 2014-08-21 20:01 - 00000000 ____D () C:\Program Files\ESET 2014-08-21 19:59 - 2014-08-21 19:59 - 02347384 _____ (ESET) C:\Users\Privat\Downloads\esetsmartinstaller_deu.exe 2014-08-21 19:33 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-21 19:33 - 2009-07-14 06:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-21 19:29 - 2012-06-13 22:11 - 01544117 _____ () C:\Windows\WindowsUpdate.log 2014-08-21 19:26 - 2014-04-14 22:54 - 00000000 ___RD () C:\Users\Privat\Dropbox 2014-08-21 19:26 - 2014-04-14 22:50 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Dropbox 2014-08-21 19:25 - 2012-12-29 18:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-08-21 19:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-21 19:25 - 2009-07-14 06:39 - 00124001 _____ () C:\Windows\setupact.log 2014-08-15 10:26 - 2014-04-14 22:54 - 00001021 _____ () C:\Users\Privat\Desktop\Dropbox.lnk 2014-08-15 10:26 - 2014-04-14 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-15 10:21 - 2012-12-29 21:18 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Skype 2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Windows\ERUNT 2014-08-13 22:33 - 2014-08-13 22:33 - 01016261 _____ (Thisisu) C:\Users\Privat\Downloads\JRT.exe 2014-08-13 22:26 - 2012-12-29 19:29 - 00116962 _____ () C:\Windows\PFRO.log 2014-08-13 22:24 - 2014-08-13 22:04 - 00000000 ____D () C:\AdwCleaner 2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-13 22:02 - 2012-12-29 21:09 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-13 21:58 - 2014-08-09 01:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-12 23:12 - 2014-08-12 23:12 - 00000943 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk 2014-08-12 23:12 - 2014-08-12 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-08-12 23:12 - 2014-08-12 23:11 - 00000000 ____D () C:\Program Files\PDF Architect 2 2014-08-12 23:12 - 2014-08-12 23:09 - 00000000 ____D () C:\Program Files\PDFCreator 2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Privat\Documents\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:09 - 00000949 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-08-12 23:09 - 2014-08-12 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-08-12 22:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-12 22:34 - 2014-08-12 22:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-12 22:34 - 2014-08-12 22:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-12 22:34 - 2014-08-12 22:34 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-12 22:34 - 2013-07-03 09:36 - 00000000 ____D () C:\Program Files\Java 2014-08-12 22:30 - 2013-11-25 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-08-12 22:30 - 2012-12-29 21:22 - 00000000 ____D () C:\Program Files\DivX 2014-08-12 22:30 - 2012-12-29 21:20 - 00000000 ____D () C:\ProgramData\DivX 2014-08-12 22:07 - 2014-08-12 21:38 - 00000000 ____D () C:\Qoobox 2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-08-12 22:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-08-12 22:02 - 2014-08-12 21:37 - 00000000 ____D () C:\Windows\erdnt 2014-08-12 21:59 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-08-12 21:58 - 2009-07-14 04:03 - 37224448 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-12 21:58 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-12 21:50 - 2014-06-14 19:09 - 00000000 ____D () C:\ProgramData\TEMP 2014-08-12 21:36 - 2014-08-12 21:36 - 05569662 ____R (Swearware) C:\Users\Privat\Downloads\ComboFix.exe 2014-08-12 21:25 - 2014-08-12 21:25 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-12 21:24 - 2014-08-12 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Privat\Downloads\revosetup95.exe 2014-08-12 21:22 - 2014-04-20 19:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-11 23:56 - 2014-08-11 23:34 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-08-11 23:56 - 2014-08-11 23:34 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-08-11 23:56 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-08-11 23:56 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-08-11 23:56 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-08-11 23:36 - 2014-08-11 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-08-11 23:35 - 2014-08-11 23:35 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-08-11 23:34 - 2014-08-11 22:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-08-11 23:34 - 2012-06-13 22:14 - 01522236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-11 23:33 - 2012-12-29 19:18 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-08-11 22:57 - 2014-03-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-11 22:57 - 2012-12-29 21:17 - 00000000 ____D () C:\ProgramData\Skype 2014-08-11 22:53 - 2014-08-11 22:53 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2014-08-11 22:48 - 2014-08-11 22:48 - 00416576 _____ (Kaspersky Lab) C:\Users\Privat\Downloads\kaspersky.exe 2014-08-11 22:43 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-11 22:18 - 2014-08-11 22:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-11 22:15 - 2014-08-11 22:15 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-11 22:15 - 2014-08-11 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-11 22:14 - 2014-08-11 22:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Privat\Downloads\spybot-2.4.exe 2014-08-11 22:03 - 2013-11-29 19:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-11 21:59 - 2013-11-29 19:47 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-11 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-08-11 21:43 - 2014-06-21 21:04 - 00000000 ____D () C:\ProgramData\AppSnow 2014-08-11 21:18 - 2014-08-11 21:18 - 01366203 _____ () C:\Users\Privat\Downloads\adwcleaner_3.304.exe 2014-08-11 12:49 - 2012-12-29 21:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\GG 2014-08-09 01:08 - 2014-08-09 01:08 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 01:08 - 2014-08-09 01:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-09 01:06 - 2014-08-09 01:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-09 01:02 - 2014-08-09 01:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-09 01:02 - 2014-08-09 01:02 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-09 01:02 - 2014-01-15 11:54 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-09 01:02 - 2013-11-29 19:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-09 01:02 - 2013-11-29 19:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-09 00:43 - 2014-08-08 23:53 - 00007605 _____ () C:\Users\Privat\AppData\Local\Resmon.ResmonCfg 2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe 2014-08-09 00:08 - 2014-08-09 00:04 - 91906368 _____ (AVAST Software) C:\Users\Privat\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-08-08 23:40 - 2014-08-08 23:40 - 00017252 _____ () C:\EamClean.log 2014-08-08 22:45 - 2014-08-08 22:45 - 00000546 _____ () C:\Users\Privat\Desktop\Emsisoft Emergency Kit.lnk 2014-08-08 22:45 - 2014-08-08 22:45 - 00000000 ____D () C:\EEK 2014-08-08 22:37 - 2012-06-13 22:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-08 22:37 - 2012-06-13 22:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-08 22:36 - 2014-08-08 22:27 - 198408592 _____ () C:\Users\Privat\Downloads\EmsisoftEmergencyKit.exe 2014-08-08 22:30 - 2014-08-08 22:30 - 00000000 ____D () C:\Quarantine 2014-08-08 22:07 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5 2014-08-08 22:06 - 2014-08-08 22:05 - 00000000 ____D () C:\Program Files\stinger 2014-08-08 22:02 - 2014-08-08 22:02 - 01101648 _____ () C:\Users\Privat\Downloads\McAfee Labs Stinger 32 Bit - CHIP-Installer.exe 2014-08-08 22:01 - 2014-08-08 22:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\Macromedia 2014-08-08 21:54 - 2014-08-08 21:54 - 00000032 _____ () C:\Windows\system32\thxcfg.ini 2014-08-08 21:49 - 2014-08-08 21:49 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TeamViewer 2014-08-08 21:48 - 2014-08-08 21:48 - 04663368 _____ (TeamViewer) C:\Users\Privat\Desktop\TeamviewerQS_de.exe 2014-08-01 09:13 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Privat\Documents\Businessplan Philipp 2014-08-01 09:09 - 2013-03-13 15:21 - 00000000 ____D () C:\Users\Privat\Documents\Briefe Some content of TEMP: ==================== C:\Users\Privat\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2itymi.dll C:\Users\Privat\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 11:21 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014 Ran by Privat at 2014-08-21 21:46:27 Running from C:\Users\Privat\Desktop\Neuer Ordner Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) GG (HKCU\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab) Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version: - Lexmark International, Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WinISO (HKLM\...\WinISO) (Version: 6.3.0.4722 - WinISO Computing Inc.) WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - ) WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-176602296-3208371113-2143824810-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Privat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-06-2014 19:43:17 Geplanter Prüfpunkt 28-07-2014 08:07:23 Geplanter Prüfpunkt 07-08-2014 09:28:41 Geplanter Prüfpunkt 08-08-2014 23:01:10 avast! antivirus system restore point 11-08-2014 19:58:16 avast! antivirus system restore point 11-08-2014 21:33:01 Windows Update 12-08-2014 19:29:21 Revo Uninstaller's restore point - SkypEmoticons 12-08-2014 21:11:32 Installed PDF Architect 2 View Module ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-08-12 21:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {22D86BC8-EA60-4BCD-97D7-94439E6FF99B} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe Task: {41CCEEF2-8660-4EAE-8A60-8075C4508786} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08] (Adobe Systems Incorporated) Task: {850C1976-76C0-4E93-82EA-9729695A0D05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {AE0A3BD8-C696-45E4-98F5-9B640140218A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {BF2A583E-0C1A-4772-8BDC-128DE97A2365} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {D6936D74-F0D2-4B87-A6BF-E193BCD06580} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-09 01:01 - 2014-08-09 01:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-15 09:32 - 2014-08-15 09:32 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll 2014-08-21 19:26 - 2014-08-21 19:26 - 02800128 _____ () C:\Program Files\AVAST Software\Avast\defs\14082100\algo.dll 2013-01-05 17:28 - 2006-10-18 07:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll 2013-01-05 17:28 - 2006-10-18 06:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll 2013-01-05 17:28 - 2006-10-18 07:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll 2013-01-05 17:28 - 2006-11-13 05:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll 2013-01-05 17:28 - 2006-11-22 11:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe 2013-01-05 17:28 - 2006-08-08 16:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll 2013-01-05 17:28 - 2006-06-09 03:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll 2013-01-05 17:28 - 2006-05-25 17:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll 2014-08-09 01:02 - 2014-08-09 01:02 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-08-21 19:26 - 2014-08-21 19:26 - 00043008 _____ () c:\users\privat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2itymi.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Privat\AppData\Roaming\Dropbox\bin\libcef.dll 2014-08-11 22:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-11 22:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-11 22:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\Windows\system32\lxctdrs.dll 2006-08-14 18:17 - 2006-08-14 18:17 - 00065536 _____ () C:\Windows\system32\lxctcaps.dll 2006-05-03 15:31 - 2006-05-03 15:31 - 00061440 _____ () C:\Windows\system32\lxctcnv4.dll 2014-08-11 22:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-11 22:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-04-20 19:33 - 2014-08-12 21:22 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GG => "C:\Users\Privat\AppData\Local\GG\Application\gghub.exe" MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun MSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/15/2014 09:32:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1 Name des fehlerhaften Moduls: TeamViewer_Service.exe, Version: 9.0.29947.0, Zeitstempel: 0x53b3dcf1 Ausnahmecode: 0x40000015 Fehleroffset: 0x0029bc69 ID des fehlerhaften Prozesses: 0xbf4 Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0 Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1 Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2 Berichtskennung: TeamViewer_Service.exe3 System errors: ============= Error: (08/21/2014 08:29:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 08:28:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 08:28:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 08:19:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 08:19:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 08:19:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 08:19:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/21/2014 07:28:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/21/2014 07:26:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/21/2014 07:26:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Microsoft Office Sessions: ========================= Error: (08/15/2014 09:32:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TeamViewer_Service.exe9.0.29947.053b3dcf1TeamViewer_Service.exe9.0.29947.053b3dcf1400000150029bc69bf401cfb85b0d7df43ac:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exec:\users\privat\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe5c760e99-244e-11e4-b720-386077e3971b CodeIntegrity Errors: =================================== Date: 2014-08-12 21:45:23.924 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 21:45:23.924 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 57% Total physical RAM: 3549.12 MB Available physical RAM: 1491.13 MB Total Pagefile: 7096.51 MB Available Pagefile: 4798.02 MB Total Virtual: 2047.88 MB Available Virtual: 1910.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.9 GB) (Free:111.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive g: (Bilder & Filme) (Fixed) (Total:100 GB) (Free:81.44 GB) NTFS Drive h: (Volume) (Fixed) (Total:166.02 GB) (Free:46.89 GB) NTFS Drive i: (Volume) (Fixed) (Total:199.74 GB) (Free:49.84 GB) NTFS Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 95B995B9) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=149.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 11C911C9) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=166 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=199.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.08.2014, 19:19 | #13 |
/// the machine /// TB-Ausbilder | Avast - ....durch eine gruppenrichtlinie blockiert Java updaten. Windows updaten, da fehlt ein Servicepack!! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |