Pests of all kinds and how to combat them: tr/agent.83648 and others such as TR/Crypt found
Windows 7
07.10.2014, 18:57 | #1 |
| tr/agent.83648 and others such as TR/Crypt found Hello, I had Avira scan my PC and discovered Trojans and adware (several), all of which are now in quarantine, however. Even so, I am still afraid that not everything is OK again, because programs on my PC often hang for a short time. That is why I am asking for advice here, as I am afraid of doing something wrong. |
07.10.2014, 19:11 | #2 |
/// the machine /// TB trainer | tr/agent.83648 and others such as TR/Crypt found hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
07.10.2014, 20:03 | #3 |
| tr/agent.83648 and others such as TR/Crypt found FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Tim (administrator) on TIM-PC on 07-10-2014 20:18:05 Running from C:\Users\Tim\Downloads Loaded Profile: Tim (Available profiles: Tim) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.223\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\LoLPatcher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.112\deploy\LolClient.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-04] (Google Inc.) 
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [SSync] => C:\Users\Tim\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [OMESupervisor] => C:\Users\Tim\AppData\Local\omesuperv.exe [2239256 2013-12-24] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [OscarEditor] => "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Amazon Cloud Player] => C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [301b5fcf8ce2fab8868e80b6c1f912fe] => "C:\Users\Tim\AppData\Local\Temp\System.exe" .. <===== ATTENTION HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [MK LOL] => "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Spotify] => C:\Users\Tim\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-02] (Spotify Ltd) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-02] (Spotify Ltd) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [SCheck] => C:\Users\Tim\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Snoozer] => C:\Users\Tim\AppData\Roaming\Snz\Snz.exe [1620065 2014-09-06] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [DataMgr] => C:\Users\Tim\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-05-20] (HTTO Group, Ltd.) 
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Intermediate] => C:\Users\Tim\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Sixth] => C:\Users\Tim\AppData\Roaming\Sixth\Sixth.exe [63618 2014-08-19] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Seventh] => C:\Users\Tim\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-19] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\MountPoints2: {0aa5e12c-1319-11e3-88b2-b0c79a4b80f6} - G:\autorun.exe HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\MountPoints2: {2ee0df5d-db81-11e3-b3f5-d43d7e9a9617} - G:\autorun.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224728 2014-09-29] (Client Connect LTD) AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181720 2014-09-29] (Client Connect LTD) IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: 
[Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41EE424A6361CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=55&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&SSPV= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.fastosearch.info/?pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a10918-135&apn_uid=3558326840134419&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=138&itype=a&ver=12521&tm=347&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope 
{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013 SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a10918-135&apn_uid=3558326840134419&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=138&itype=a&ver=12521&tm=347&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55 SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=58&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&q={searchTerms}&SSPV= SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=58&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&q={searchTerms}&SSPV= 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=B66B00873155B06F&affID=119357&tsp=4960 SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a10918-135&apn_uid=3558326840134419&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=138&itype=a&ver=12521&tm=347&src=ds&p={searchTerms} SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55 BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Movies Toolbar (Dist. by Somoto Ltd.) 
-> {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -> C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll No File BHO-x32: DealPly Shopping -> {3728ba43-f94f-42a4-9e8d-00b930d1db28} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Somoto Ltd.) 
- {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=55&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&SSPV= FF SelectedSearchEngine: Trovi search FF DefaultSearchEngine: FBDownloader Search FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p14_serp_ff_de_display?ie=UTF8&tagbase=bds-p14&tag=bds-p14-serp-de-ff-21&tbrId=v1_abb-channel-14_824b8ec2eec444daa4e1bb35160161a6_16_37_20130721_DE_ff_ab_&query= FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: 
@esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\Ask.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\BitGuard.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\BrowserDefender.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\default-search.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\fbdownloader_search.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\search.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\WebSearch.xml FF Extension: LyricsFolder - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\116 [2013-06-21] FF Extension: LyricsWoofer - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\122 [2013-07-15] FF Extension: LyricsWoofer - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\128 [2013-08-18] FF Extension: LyricsFolder - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\130 [2013-08-26] FF Extension: Feven 1.5 - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com [2013-11-20] FF 
Extension: Amazon Browser Bar - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\abb@amazon.com [2013-07-21] FF Extension: Avira Savings Advisor - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\ciuvo-extension@avira.de [2014-01-23] FF Extension: Shopping-Chip - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\oaxqtmb3ecp@si-iyr.edu [2013-12-20] FF Extension: Yahoo! Toolbar - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-02] FF Extension: DealPly Shopping - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{d4a5fd5b-2243-4a66-9f96-9e488a2a4147} [2013-06-20] FF Extension: OfferMosquito - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\om@offermosquito.com.xpi [2013-12-19] FF Extension: WebCake - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\plugin@getwebcake.com.xpi [2013-08-24] FF Extension: Simple New Tab - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\snt@dotlabs.co.xpi [2013-12-16] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-06-17] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: [{c052547f-f958-4865-852b-1a05276bead4}] - C:\Program Files (x86)\LyricsFolder\130.xpi FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee 
Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-05] CHR Extension: (Avira Sparberater) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-01-24] CHR Extension: (OfferMosquito) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2013-12-28] CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19] CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Tim\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx [2013-08-19] CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11] CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx [2013-12-11] CHR HKLM-x32\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files (x86)\LyricsFolder\130.crx [2013-12-11] CHR 
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-11-05] () [File not signed] R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3014616 2014-09-29] (Client Connect LTD) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-14] () R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8228240 2012-09-19] (Realtek Semiconductor Corp.) 
S1 ajycpdri; \??\C:\Windows\system32\drivers\ajycpdri.sys [X]
S1 ddddhjup; \??\C:\Windows\system32\drivers\ddddhjup.sys [X]
S3 dump_wmimmc; \??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [X]
S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X]
S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X]
S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X]
S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X]
S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X]
S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X]
S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X]
S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X]
S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X]
S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X]
S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X]
S1 xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X]
S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X]
S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 20:18 - 2014-10-07 20:18 - 00032826 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-10-07 20:17 - 2014-10-07 20:18 - 00000000 ____D () C:\FRST
2014-10-07 20:17 - 2014-10-07 20:17 - 02109952 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-10-07 18:12 - 2014-10-07 18:12 - 00000221 _____ () C:\Users\Tim\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
2014-10-07 18:09 - 2014-10-07 18:11 - 00000000 ____D () C:\Users\Tim\Desktop\mw3 hacks
2014-10-06 18:17 - 2014-10-06 18:17 - 00070352 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 18:16 - 2014-10-07 17:04 - 00000336 _____ () C:\Windows\setupact.log
2014-10-06 18:16 - 2014-10-06 18:16 - 00000304 _____ () C:\Windows\PFRO.log
2014-10-06 18:16 - 2014-10-06 18:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-05 21:48 - 2014-10-05 21:59 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Wise Disk Cleaner
2014-10-05 21:48 - 2014-10-05 21:48 - 00001211 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2014-10-05 21:48 - 2014-10-05 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2014-10-05 21:48 - 2014-10-05 21:48 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-10-05 21:35 - 2014-10-05 21:35 - 00000000 ____D () C:\Users\Tim\Documents\FLiNGTrainer
2014-10-05 19:08 - 2014-10-05 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-04 23:30 - 2014-10-06 22:54 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\OBS
2014-10-04 23:30 - 2014-10-04 23:30 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-10-04 23:30 - 2014-10-04 23:30 - 00000000 ____D () C:\Program Files\OBS
2014-10-04 23:29 - 2014-10-04 23:39 - 00000000 ____D () C:\Users\Tim\Desktop\twitch
2014-10-04 20:34 - 2014-10-04 20:34 - 00000000 ____D () C:\Users\Tim\Documents\WB Games
2014-10-04 15:43 - 2014-10-04 15:43 - 00000222 _____ () C:\Users\Tim\Desktop\Middle-earth Shadow of Mordor.url
2014-09-30 19:18 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 19:18 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\StunlockStudios
2014-09-29 21:10 - 2014-09-29 21:10 - 00000000 ____D () C:\Users\Tim\Desktop\hack iss
2014-09-27 12:48 - 2014-09-27 12:48 - 00000222 _____ () C:\Users\Tim\Desktop\Dead Island Epidemic.url
2014-09-24 17:18 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 17:18 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 21:20 - 2014-09-21 21:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai
2014-09-20 17:04 - 2014-09-20 17:04 - 00000222 _____ () C:\Users\Tim\Desktop\Scribblenauts Unmasked.url
2014-09-15 19:50 - 2014-10-07 17:05 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Seventh
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Snz
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Sixth
2014-09-10 22:55 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 22:55 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 22:55 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 22:55 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 22:55 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 22:55 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 22:55 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 22:55 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 22:55 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 22:55 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 22:55 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 22:55 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 22:55 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 22:55 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 22:55 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 22:55 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 22:55 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 22:55 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 22:55 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 22:55 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 22:55 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 22:55 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 22:55 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 22:55 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 22:55 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 22:55 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 22:55 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 22:55 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 22:55 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 22:55 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 22:55 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 22:55 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 22:55 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 22:55 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 22:55 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 22:55 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 22:55 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 22:55 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 22:55 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 22:55 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 22:55 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 22:55 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 22:55 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 22:55 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 22:55 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 22:55 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 22:55 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 22:55 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 22:55 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 22:55 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 22:55 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 22:55 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 22:55 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 22:55 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 22:55 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 22:55 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:36 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:36 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 14:26 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:26 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:26 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:26 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:25 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:25 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:25 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:25 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:25 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-08 11:23 - 2014-09-08 11:23 - 00000000 ____D () C:\Users\Tim\AppData\Local\onlysearch

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 20:14 - 2013-06-04 21:51 - 01948791 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 19:59 - 2013-06-04 22:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2014-10-07 19:52 - 2013-06-17 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 19:31 - 2013-06-04 22:50 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000UA.job
2014-10-07 19:23 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify
2014-10-07 19:23 - 2013-06-04 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-07 17:13 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 17:13 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 17:05 - 2014-01-05 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Local\LogMeIn Hamachi
2014-10-07 17:04 - 2013-06-05 15:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-07 17:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 18:19 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify
2014-10-05 21:56 - 2014-07-04 21:32 - 00000000 ____D () C:\Users\Tim\Tracing
2014-10-05 21:54 - 2014-02-05 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles
2014-10-05 21:54 - 2013-12-07 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-05 21:54 - 2013-11-05 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-10-05 21:54 - 2013-11-01 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher
2014-10-05 21:54 - 2013-09-21 20:18 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-10-05 21:54 - 2013-09-09 20:22 - 00000000 ____D () C:\Users\Tim\AppData\Local\CrashDumps
2014-10-05 21:54 - 2013-06-20 16:10 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2014-10-05 21:54 - 2013-06-04 22:45 - 00000000 ____D () C:\Windows\Panther
2014-10-05 21:35 - 2014-08-07 23:43 - 00000000 ____D () C:\Users\Tim\Desktop\saveedit_r237
2014-10-05 19:08 - 2014-03-16 01:38 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-05 19:08 - 2013-06-04 22:41 - 00000000 ____D () C:\ProgramData\Skype
2014-10-05 19:08 - 2013-05-06 18:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-04 16:31 - 2013-06-04 22:50 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000Core.job
2014-10-04 15:43 - 2014-06-14 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-02 16:43 - 2014-07-20 18:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-10-02 16:36 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-29 21:09 - 2014-06-03 18:40 - 00123392 ___SH () C:\Users\Tim\Desktop\Thumbs.db
2014-09-26 23:36 - 2013-08-01 22:17 - 00000000 ____D () C:\ProgramData\Origin
2014-09-26 20:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 18:35 - 2013-10-29 15:24 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-09-26 17:45 - 2014-03-13 15:13 - 00001185 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-09-26 17:33 - 2013-08-01 22:17 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-23 20:52 - 2013-06-17 18:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:52 - 2013-06-17 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 20:52 - 2013-06-17 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 12:54 - 2014-07-29 22:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\.minecraft
2014-09-15 16:13 - 2013-06-05 15:36 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\SCheck
2014-09-15 16:13 - 2013-06-05 15:36 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Intermediate
2014-09-15 16:13 - 2013-06-05 15:36 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DataMgr
2014-09-10 22:54 - 2013-06-04 23:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 22:54 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 22:54 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 22:53 - 2013-06-04 22:59 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 22:53 - 2013-06-04 22:56 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 22:53 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:52 - 2013-08-15 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:52 - 2013-06-04 22:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 22:52 - 2013-06-04 22:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 22:37 - 2013-06-08 12:45 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 22:36 - 2014-05-06 23:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 14:05 - 2013-10-04 16:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 14:04 - 2014-09-05 15:56 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 14:04 - 2014-01-23 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 14:04 - 2014-01-23 21:39 - 00000000 ____D () C:\Program Files (x86)\Avira

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe [2014-03-23 01:42] - [2011-08-19 17:39] - 2388992 ____A (Microsoft Corporation) 7A688948605A6E4261653E2B4D87F0B2
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 20:14

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Tim at 2014-10-07 20:18:36
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Amazon Browser Settings (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Divinity II - Ego Draconis (HKLM-x32\...\Divinity II - Ego Draconis_is1) (Version: - dtp)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version: - Ubisoft)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.8.1 (HKCU\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FreeFixer (HKLM-x32\...\FreeFixer1.11) (Version: 1.11 - Kephyr)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Goodbye Deponia Demo (HKLM-x32\...\Steam App 262880) (Version: - Daedalic Entertainment)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.1.0.0 - Infernum Productions AG)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025F0}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
MK LOL (HKCU\...\MK LOL) (Version: - )
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Ihr Firmenname)
MOUSE Editor (x32 Version: 12.08.0006 - Ihr Firmenname) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movies Toolbar for Chrome (Dist. by Somoto Ltd.) (HKLM-x32\...\somotomoviestoolbar1CR) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Somoto Ltd.) (HKLM-x32\...\somotomoviestoolbar1IE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 24.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.2.0 - Electronic Arts) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.) Scribblenauts Unmasked (HKLM-x32\...\Steam App 249870) (Version: - 5th Cell Media) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.25.52 - Client Connect LTD) <==== ATTENTION SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2326.4 - Hi-Rez Studios) Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version: - Certified Publisher) <==== ATTENTION System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) Tamagotchi Simulator 2.5 (HKLM-x32\...\TamagotchiSimulator2.5) (Version: - ) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) The Final Hours Of Mass Effect 3 (HKLM-x32\...\com.TheFinalHoursOfMassEffect3) (Version: 1.0 - UNKNOWN) The Final Hours Of Mass Effect 3 (x32 Version: 1.0 - UNKNOWN) Hidden Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.7.2 - Electronic Arts) Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics) Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.4 - Ubisoft) Trials Evolution Gold 
Edition (x32 Version: 1.0.0.4 - Ubisoft) Hidden Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft) USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10186 - Realtek Semiconductor Corp.) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.24 - NCH Software) WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources 
(x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wise Disk Cleaner 8.31 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.) Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-55065230-3091527404-1719944264-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 04-10-2014 13:54:13 Windows Update 05-10-2014 17:00:15 Windows-Sicherung ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {18853759-5267-4956-A2E2-583E0A9D4CBA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {3129A4BA-0346-4265-8962-8D4729A9F2DF} - System32\Tasks\Dealply => C:\Users\Tim\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {4F258A46-800D-4878-A174-D1C81C579426} - System32\Tasks\EPUpdater => C:\Users\Tim\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION Task: {4F7502F1-7C96-4B6F-8BD4-212D745B1096} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs" Task: {5D7070C9-FE35-4C21-BEE4-6314EF267B7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {62B05F26-C5F2-4576-B7B9-489DC395ADE7} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION Task: {6D305F0D-0584-4826-905B-63B58C1C77EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000Core => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.) Task: {8DC2B2D7-EC0D-4AD0-A63C-A77A66DF57F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BD795517-E915-40D9-9365-87880CFDC258} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {DBDDD4A4-A7BD-4943-BF3D-BCC2D2AD2BA7} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {F541D8D9-4086-49E8-A6E4-FCFF84872F21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000UA => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\Tim\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000Core.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000UA.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-13 17:56 - 2014-06-14 20:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-03-21 20:24 - 2013-03-21 20:24 - 00222368 _____ () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe 2013-06-12 18:11 - 2014-05-20 20:15 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2014-05-20 20:16 - 2014-09-25 20:20 - 02453496 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.223\deploy\LoLLauncher.exe 2014-09-25 20:20 - 2014-09-25 20:20 - 04081656 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\LoLPatcher.exe 2014-05-20 20:33 - 2014-05-20 20:33 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.112\deploy\LolClient.exe 2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-01-17 16:04 - 2014-01-11 12:28 - 00715544 _____ () 
C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll 2014-01-17 16:04 - 2014-01-11 12:28 - 00100120 _____ () C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll 2014-01-17 16:04 - 2014-01-11 12:29 - 04055320 _____ () C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-17 16:04 - 2014-01-11 12:29 - 00399640 _____ () C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-17 16:04 - 2014-01-11 12:28 - 01634584 _____ () C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2014-09-25 20:20 - 2014-09-25 20:20 - 01636856 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\RiotLauncher.dll 2014-09-10 14:16 - 2014-09-10 14:16 - 42975744 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\libcef.dll 2014-09-10 14:16 - 2014-09-10 14:16 - 01559552 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\icui18n.dll 2014-09-10 14:16 - 2014-09-10 14:16 - 01241088 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\icuuc.dll 2014-09-10 14:16 - 2014-09-10 14:16 - 04945408 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\v8.dll 2014-09-25 20:20 - 2014-09-25 20:20 - 01712640 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\RiotRadsIO.dll 2014-05-20 20:32 - 2014-05-20 20:32 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.112\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-55065230-3091527404-1719944264-500 - Administrator - Disabled)
Gast (S-1-5-21-55065230-3091527404-1719944264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-55065230-3091527404-1719944264-1002 - Limited - Enabled)
Tim (S-1-5-21-55065230-3091527404-1719944264-1000 - Administrator - Enabled) => C:\Users\Tim

==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================= Application errors: ================== Error: (10/07/2014 05:04:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/06/2014 06:17:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2014 09:41:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Borderlands2.exe, Version: 1.0.29.41124, Zeitstempel: 0x5395f78a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x53c20006 ID des fehlerhaften Prozesses: 0x1bec Startzeit der fehlerhaften Anwendung: 0xBorderlands2.exe0 Pfad der fehlerhaften Anwendung: Borderlands2.exe1 Pfad des fehlerhaften Moduls: Borderlands2.exe2 Berichtskennung: Borderlands2.exe3 Error: (10/05/2014 06:48:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2014 11:16:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 03:37:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 07:01:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 11:14:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 04:37:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 06:07:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/03/2014 11:18:41 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (10/02/2014 04:43:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (10/02/2014 04:37:30 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "TIM-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 25.98.176.28 registriert werden. Der Computer mit IP-Adresse 25.98.34.216 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (10/02/2014 04:37:30 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{A2F42940-56AE-4442-94C0-1D76CEF62EC6} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. 
Error: (10/01/2014 06:14:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (09/29/2014 09:11:23 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (09/29/2014 08:12:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (09/28/2014 03:11:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (09/26/2014 01:58:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. Error: (09/25/2014 08:22:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (10/07/2014 05:04:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/06/2014 06:17:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2014 09:41:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Borderlands2.exe1.0.29.411245395f78aunknown0.0.0.000000000c000000553c200061bec01cfe0d41bccb7d5C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exeunknown9844c3e0-4cc7-11e4-b5e8-d43d7e9a9617 Error: (10/05/2014 06:48:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 
WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2014 11:16:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 03:37:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 07:01:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 11:14:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 04:37:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 06:07:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 27% Total physical RAM: 16317.39 MB Available physical RAM: 11814.96 MB Total Pagefile: 32632.97 MB Available Pagefile: 28098.87 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:920.13 GB) 
(Free:397.31 GB) NTFS
Drive f: (System) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7467C893)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

==================== End Of Log ============================
|
08.10.2014, 12:56 | #4 |
/// the machine /// TB-Ausbilder | tr/agent.83648 and others such as TR/Crypt found Please download Revo Uninstaller (alternatively, the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.10.2014, 16:51 | #5 |
| tr/agent.83648 and others such as TR/Crypt found Code:
ATTFilter ComboFix 14-10-04.01 - Tim 08.10.2014 17:35:41.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16317.12784 [GMT 2:00] ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\SearchProtect c:\program files (x86)\SearchProtect\EULA.txt c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.css c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.html c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.js c:\program files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png c:\program files 
(x86)\SearchProtect\UI\dialogs\Images\bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png c:\program files 
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\skin.css c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\update.css c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\oaxqtmb3ecp@si-iyr.edu c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\oaxqtmb3ecp@si-iyr.edu\bootstrap.js c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\oaxqtmb3ecp@si-iyr.edu\chrome.manifest c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\oaxqtmb3ecp@si-iyr.edu\content\bg.js c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\oaxqtmb3ecp@si-iyr.edu\install.rdf c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\search.xml c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\trovi-search.xml c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\WebSearch.xml . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_CltMngSvc . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-08 bis 2014-10-08 )))))))))))))))))))))))))))))) . . 2014-10-08 15:41 . 2014-10-08 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-08 15:18 . 2014-10-08 15:18 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-10-07 18:17 . 2014-10-07 18:19 -------- d-----w- C:\FRST 2014-10-05 19:48 . 2014-10-05 19:59 -------- d-----w- c:\users\Tim\AppData\Roaming\Wise Disk Cleaner 2014-10-05 19:48 . 2014-10-05 19:48 -------- d-----w- c:\program files (x86)\Wise 2014-10-05 17:08 . 
2014-10-05 17:08 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-10-04 21:30 . 2014-10-06 20:54 -------- d-----w- c:\users\Tim\AppData\Roaming\OBS 2014-10-04 21:30 . 2014-10-04 21:30 -------- d-----w- c:\program files\OBS 2014-09-30 17:18 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-30 17:18 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-29 19:13 . 2014-09-29 19:13 -------- d-----w- c:\users\Tim\AppData\Roaming\StunlockStudios 2014-09-24 15:18 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 15:18 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-21 19:20 . 2014-09-21 19:21 -------- d-----w- c:\users\Tim\AppData\Local\Akamai 2014-09-15 17:50 . 2014-10-07 22:01 -------- d-----w- c:\users\Tim\AppData\Roaming\Seventh 2014-09-15 14:13 . 2014-09-15 14:13 -------- d-----w- c:\users\Tim\AppData\Roaming\Sixth 2014-09-15 14:13 . 2014-09-15 14:13 -------- d-----w- c:\users\Tim\AppData\Roaming\Snz 2014-09-10 20:36 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 20:36 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-10 12:26 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-10 12:26 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-09-10 12:26 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 12:26 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 12:25 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 12:25 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 12:25 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 12:25 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 12:25 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-10 12:25 . 
2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 12:25 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-08 15:24 . 2014-07-14 16:23 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2014-09-29 06:46 . 2014-09-29 06:46 224728 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll 2014-09-23 18:52 . 2013-06-17 16:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-23 18:52 . 2013-06-17 16:43 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-22 06:42 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-10 20:37 . 2013-06-08 10:45 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-09-06 10:12 . 2014-09-06 10:12 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-08-23 02:07 . 2014-09-05 14:16 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-09-05 14:16 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-09-05 14:16 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-07-27 21:10 . 2014-07-27 21:10 6688 ----a-w- c:\windows\movexe.exe 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-24 19:52 . 2014-02-18 12:29 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-14 02:02 . 2014-08-13 12:03 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-13 12:03 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-07-04 19:21 220632 ----a-w- c:\users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-07-04 19:21 220632 ----a-w- c:\users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-07-04 19:21 220632 ----a-w- c:\users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SSync"="c:\users\Tim\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864] "Amazon Cloud Player"="c:\users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576] "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-09-23 1938112] "Spotify"="c:\users\Tim\AppData\Roaming\Spotify\Spotify.exe" [2014-10-02 6553144] "Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-02 1514040] "SCheck"="c:\users\Tim\AppData\Roaming\SCheck\SCheck.exe" [2013-12-09 37376] "Snoozer"="c:\users\Tim\AppData\Roaming\Snz\Snz.exe" [2014-09-06 1620065] "DataMgr"="c:\users\Tim\AppData\Roaming\DataMgr\DataMgr.exe" [2013-05-20 168848] "Intermediate"="c:\users\Tim\AppData\Roaming\Intermediate\Intermediate.exe" [2013-12-09 37376] "Sixth"="c:\users\Tim\AppData\Roaming\Sixth\Sixth.exe" [2014-08-19 63618] "Akamai NetSession Interface"="c:\users\Tim\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-06 751184] "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . R1 ajycpdri;ajycpdri;c:\windows\system32\drivers\ajycpdri.sys;c:\windows\SYSNATIVE\drivers\ajycpdri.sys [x] R1 ddddhjup;ddddhjup;c:\windows\system32\drivers\ddddhjup.sys;c:\windows\SYSNATIVE\drivers\ddddhjup.sys [x] R1 ebdyyzoi;ebdyyzoi;c:\windows\system32\drivers\ebdyyzoi.sys;c:\windows\SYSNATIVE\drivers\ebdyyzoi.sys [x] R1 fqnirfvl;fqnirfvl;c:\windows\system32\drivers\fqnirfvl.sys;c:\windows\SYSNATIVE\drivers\fqnirfvl.sys [x] R1 gfjkjpfk;gfjkjpfk;c:\windows\system32\drivers\gfjkjpfk.sys;c:\windows\SYSNATIVE\drivers\gfjkjpfk.sys [x] R1 gkxbvqyo;gkxbvqyo;c:\windows\system32\drivers\gkxbvqyo.sys;c:\windows\SYSNATIVE\drivers\gkxbvqyo.sys [x] R1 hyptngcc;hyptngcc;c:\windows\system32\drivers\hyptngcc.sys;c:\windows\SYSNATIVE\drivers\hyptngcc.sys [x] R1 jwucfrnp;jwucfrnp;c:\windows\system32\drivers\jwucfrnp.sys;c:\windows\SYSNATIVE\drivers\jwucfrnp.sys [x] R1 qmsfutqv;qmsfutqv;c:\windows\system32\drivers\qmsfutqv.sys;c:\windows\SYSNATIVE\drivers\qmsfutqv.sys [x] R1 tbrbiaza;tbrbiaza;c:\windows\system32\drivers\tbrbiaza.sys;c:\windows\SYSNATIVE\drivers\tbrbiaza.sys [x] R1 tkhaqghs;tkhaqghs;c:\windows\system32\drivers\tkhaqghs.sys;c:\windows\SYSNATIVE\drivers\tkhaqghs.sys [x] R1 toirfogb;toirfogb;c:\windows\system32\drivers\toirfogb.sys;c:\windows\SYSNATIVE\drivers\toirfogb.sys [x] R1 ufuiaexx;ufuiaexx;c:\windows\system32\drivers\ufuiaexx.sys;c:\windows\SYSNATIVE\drivers\ufuiaexx.sys [x] R1 
vcnetjuh;vcnetjuh;c:\windows\system32\drivers\vcnetjuh.sys;c:\windows\SYSNATIVE\drivers\vcnetjuh.sys [x] R1 wrijkzzv;wrijkzzv;c:\windows\system32\drivers\wrijkzzv.sys;c:\windows\SYSNATIVE\drivers\wrijkzzv.sys [x] R1 xivgvwbn;xivgvwbn;c:\windows\system32\drivers\xivgvwbn.sys;c:\windows\SYSNATIVE\drivers\xivgvwbn.sys [x] R1 yacabajr;yacabajr;c:\windows\system32\drivers\yacabajr.sys;c:\windows\SYSNATIVE\drivers\yacabajr.sys [x] R1 zbfgcayp;zbfgcayp;c:\windows\system32\drivers\zbfgcayp.sys;c:\windows\SYSNATIVE\drivers\zbfgcayp.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 
SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files 
(x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] S3 rtsuvc;USB Video Device;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17 18:52] . 2014-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000Core.job - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-04 20:49] . 2014-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000UA.job - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-04 20:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-07-04 19:21 244696 ----a-w- c:\users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-07-04 19:21 244696 ----a-w- c:\users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-07-04 19:21 244696 ----a-w- c:\users\Tim\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=55&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&SSPV= mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} mDefault_Page_URL = about:blank mStart Page = hxxp://websearch.fastosearch.info/?pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms} uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{3728ba43-f94f-42a4-9e8d-00b930d1db28} - c:\program files (x86)\DealPly\DealPlyIE.dll Toolbar-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file) Toolbar-10 - (no file) Wow6432Node-HKCU-Run-OMESupervisor - c:\users\Tim\AppData\Local\omesuperv.exe Wow6432Node-HKCU-Run-OscarEditor - c:\program files (x86)\MOUSE Editor\MouseEditor.exe Wow6432Node-HKCU-Run-MK LOL - c:\program files (x86)\MKJogo\MK IM\Bin\MKIM.exe Wow6432Node-HKCU-Run-MKLOL - c:\program files (x86)\MKJogo\MK IM\Bin\MKIM.exe Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - (no file) Toolbar-10 - (no file) HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe AddRemove-Cheat Engine 6.4_is1 - c:\program files (x86)\Cheat Engine 6.4\unins000.exe AddRemove-Dxtory2.0_is1 - c:\program files (x86)\ExKode\Dxtory2.0\unins000.exe AddRemove-FreeFixer1.11 - c:\program files\FreeFixer\uninstall.exe AddRemove-Mozilla Firefox 24.0 (x86 de) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe AddRemove-Open Broadcaster Software - c:\program files (x86)\OBS\uninstall.exe AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\BFH Beta\pbsvc.exe AddRemove-MK LOL - c:\program files (x86)\MKJogo\MK IM\Bin\uInst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,17,8a,3e,a6,9b,a2,4e,a3,83,a8,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,17,8a,3e,a6,9b,a2,4e,a3,83,a8,\ . [HKEY_USERS\S-1-5-21-55065230-3091527404-1719944264-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-55065230-3091527404-1719944264-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe . 
************************************************************************** . Zeit der Fertigstellung: 2014-10-08 17:49:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-10-08 15:49 . Vor Suchlauf: 18 Verzeichnis(se), 424.315.080.704 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 423.721.943.040 Bytes frei . - - End Of File - - 5B5C7BF2B691EE5E61EC954D95C6730F A36C5E4F47E84449FF07ED3517B43A31 |
09.10.2014, 10:54 | #6 |
/// the machine /// TB trainer | tr/agent.83648 and others such as TR/Crypt found Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> tr/agent.83648 and others such as TR/Crypt found |
09.10.2014, 12:44 | #7 |
| tr/agent.83648 and others such as TR/Crypt found Here is the mdam.txt for now; I will send you the remaining things later, as I still have to go to work briefly. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 09.10.2014 Scan Time: 12:58:59 Logfile: asd.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.09.05 Rootkit Database: v2014.10.08.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Tim Scan Type: Threat Scan Result: Completed Objects Scanned: 381233 Time Elapsed: 12 min, 11 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe, 2676, Delete-on-Reboot, [9f0ab0628defdc5a81a787de0004b749] Modules: 0 (No malicious items detected) Registry Keys: 61 PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, Quarantined, [a306e131b9c33cfa845038656c96bf41], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, Quarantined, [a306e131b9c33cfa845038656c96bf41], PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [43669082fc80b383d0248f42d032cd33], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [43669082fc80b383d0248f42d032cd33], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [3a6ff41e7b0182b4e30f2aa75da513ed], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [3a6ff41e7b0182b4e30f2aa75da513ed], PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [eebb1cf6c1bb0d297b50ddf5b44e4bb5], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, 
[eebb1cf6c1bb0d297b50ddf5b44e4bb5], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [634652c02c500d29207c455812f0f40c], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [634652c02c500d29207c455812f0f40c], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, Quarantined, [d7d2070b2953ab8b6d86a928a65cb44c], PUP.Optional.Snapdo.T, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [e3c625eda8d43bfba3c800d5b250d42c], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [e3c625eda8d43bfba3c800d5b250d42c], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [49606ba7c1bb8ea802b1acec9d658c74], PUP.Optional.Babylon.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [adfcc64c2f4d42f4c2c2c9cfc240758b], PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [852420f2fb8174c25dd464358f730ef2], PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [852420f2fb8174c25dd464358f730ef2], PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, 
Quarantined, [852420f2fb8174c25dd464358f730ef2], PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}, Quarantined, [4069c052afcd62d47fa76f64f50d6a96], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [793017fb81fb2e084deb01d129d9ec14], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [bcedad651765d95d96a3c60c4ab8b64a], PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [f9b00f0386f6092deff99dfe0df54ab6], PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.AmazonTB.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater Service for AMZN, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon Browser Settings, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [6940a2705f1da492e65fcc7fc43fb34d], PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\APPID\WebCakeIEClient.DLL, Quarantined, [abfe18fa017b290d6f1906523aca8878], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [5e4b6da57408b68079cdaac0a55fe61a], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [b9f0b0626f0d999da34252302bd9d12f], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [c7e2e62c5b214ee8e9fbb9c96c98619f], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [614858baccb050e6337c65c6d03313ed], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, Quarantined, [e2c768aa8fed51e50c16d05d8c776898], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [c0e929e94d2f59dd202cda6f04ff9868], PUP.Optional.NationZoom.A, HKLM\SOFTWARE\WOW6432NODE\nationzoomSoftware, Quarantined, [3a6f72a01369082e84370b6305ff28d8], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [e3c6ac66cab27abc02ae50c849ba758b], PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, Quarantined, [c9e0b2602c508ea83525a6814ab9c838], PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, Quarantined, [5a4fc84a7efeef47d4c3908de91a4bb5], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\WebCakeIEClient.DLL, Quarantined, [b4f517fbf08c3402d3b5a8b0f11306fa], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, Quarantined, [4762d73b146880b60d82f365ea1abb45], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [d3d6d73b7c002a0cd96d5b0fe123a957], PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [e6c3858d3f3d53e3fd4c8df36c98a55b], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Quarantined, [901967ab0973af87dc6d211a20e3c040], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [6e3bef23304c76c030f2f52edf2425db], PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27, Quarantined, [2782d73b3a429a9c034b6719fd075ea2], PUP.Optional.SearchProtect, 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [4366898964181323e97ad04e867dbf41], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [5554f919e5976fc715e866f9e02449b7], PUP.Optional.Iminent.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Quarantined, [cadf868c9ce0b086d37a4efb10f31ae6], PUP.Optional.Ividi.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI Plugin, Quarantined, [5c4dde34b3c98caab7fbda6e14ef52ae], PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Quarantined, [238647cbd2aa76c065b1959b4eb5b64a], PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\somotomoviestoolbar1, Quarantined, [8821b75b98e484b2def358d5c43f02fe], PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\somotomoviestoolbar1, Quarantined, [2188c9494c307abcbf13101d6e9560a0], PUP.Optional.DealPly.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY, Quarantined, [8326ad65334923138e7cadb36c98a45c], PUP.Optional.AlexaTB.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, Quarantined, [24856ea4562684b2cf5780e51ce8e020], PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gbmdkmlcnbapgegninelmjbfibaghdmk, Quarantined, [6f3ad0423a42270fbb5d0c2454afa759], PUP.Optional.InstallCore.A, 
HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bbee4fc3c4b8ba7ccb903f099f641fe1], PUP.Optional.InstallCore.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [68414ec48bf1c4725954ef6f29db9f61], PUP.Optional.WebSearchInfo, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [7b2ee929acd0fb3ba131501cc04424dc], PUP.Optional.Softonic.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [7b2e8b87f686c373fc9dce6912f155ab], PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [4564fd15e49852e400508bd9a55fc33d], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [b1f85eb4f08c60d6ce5340e3ef14e020], PUP.Optional.WebPlayer.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WEBPLAYER, Quarantined, [2287c74b423adc5ae30dad74c43fe21e], Registry Values: 11 PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{3444C3C5-6C56-4A16-A453-832B05BF6EA4}, Movies Toolbar (Dist. 
by Somoto Ltd.), Quarantined, [4069c052afcd62d47fa76f64f50d6a96] PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}, Quarantined, [1198ac66a9d34aec4dd93c97748e8080], PUP.Optional.DataMgr.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Users\Tim\AppData\Roaming\DataMgr\DataMgr.exe", Quarantined, [5158d73b43395fd7128bd1af38cc7888] PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [783135dd334984b2321f59be8a79768a] PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [9118ec2697e565d143451072867ea25e] PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [9f0a967cb4c839fd460b67b00102db25] PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27|svn, SW-Sustainer, Quarantined, [2782d73b3a429a9c034b6719fd075ea2] PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, Quarantined, [4366898964181323e97ad04e867dbf41] PUP.Optional.DealPly.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY|Partner, airi, Quarantined, [8326ad65334923138e7cadb36c98a45c] PUP.Optional.InstallCore.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, Quarantined, [68414ec48bf1c4725954ef6f29db9f61] PUP.Optional.WebPlayer.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WEBPLAYER|AppsHat, 1, Quarantined, [2287c74b423adc5ae30dad74c43fe21e] 
Registry Data: 7 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[9b0e1cf61765cb6b2a7f28f07293f20e] PUP.Optional.NationZoom.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms}),Replaced,[6c3de72b4b310e289d6cda35fb0a6d93] PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://websearch.fastosearch.info/?pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55, Good: (www.google.com), Bad: (hxxp://websearch.fastosearch.info/?pid=1565&r=2014/06/08&hid=12904392686512448467&lg=EN&cc=DE&unqvl=55),Replaced,[a702d042c5b762d4fd119679749106fa] PUP.Optional.NationZoom, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386433470&from=smt&uid=TOSHIBAXDT01ACA100_332MLJ0PSXX332MLJ0PSX&q={searchTerms}),Replaced,[1396eb27bbc1f83e4aa1f325a75e8f71] PUP.Optional.Trovi.A, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=55&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&SSPV=, Good: (www.google.com), Bad: 
(hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=55&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&SSPV=),Replaced,[eabfdb37334969cd22cc2fde3cc9ca36] PUP.Optional.Snapdo, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013, Good: (www.google.com), Bad: (hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013),Replaced,[8029848ec3b978be5cca40d8bc49e11f] PUP.Optional.Snapdo, HKU\S-1-5-21-55065230-3091527404-1719944264-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013, Good: (www.google.com), Bad: (hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b567ea09-1f92-4c71-8aae-d0a160bc4759&searchtype=ds&q={searchTerms}&installDate=19/08/2013),Replaced,[941547cb7a0267cf55d2e92f1de87090] Folders: 67 PUP.Optional.WebPlayer.A, C:\Users\Tim\AppData\Local\WebPlayer, Quarantined, [e8c1fd1596e6340241ad71b09271ee12], PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [f9b0c84a99e32a0c6f3bff4516edd828], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Local\Amazon Browser Bar, 
Quarantined, [0a9f040e681469cd1a0d8fd627dd53ad], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar, Delete-on-Reboot, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.DealPly.A, C:\Users\Tim\AppData\Roaming\Dealply, Quarantined, [fcad1af8473547ef51da578e2ad828d8], PUP.Optional.DealPly.A, C:\Users\Tim\AppData\Roaming\Dealply\UpdateProc, Quarantined, [fcad1af8473547ef51da578e2ad828d8], PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, Quarantined, [ccdd54bebac2da5c10483baa4db5966a], PUP.Optional.OpenCandy, C:\Users\Tim\AppData\Roaming\OpenCandy, Quarantined, [a60365ad037945f18fd2c421ca3853ad], PUP.Optional.OpenCandy, C:\Users\Tim\AppData\Roaming\OpenCandy\26F90EA5A1B3420FB0393DE4C8C176E2, Quarantined, [a60365ad037945f18fd2c421ca3853ad], PUP.Optional.OpenCandy, C:\Users\Tim\AppData\Roaming\OpenCandy\CE1591B83F5048689DF39A7A635D836F, Quarantined, [a60365ad037945f18fd2c421ca3853ad], PUP.Optional.OpenCandy, C:\Users\Tim\AppData\Roaming\OpenCandy\E34C31C13F8C4CA0B3C77179A0942DAF, Quarantined, [a60365ad037945f18fd2c421ca3853ad], PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef, Quarantined, [93165cb60478e84e99f2fbea33cfb14f], PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123, Quarantined, [93165cb60478e84e99f2fbea33cfb14f], PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales, Quarantined, [93165cb60478e84e99f2fbea33cfb14f], PUP.Optional.NextLive.A, C:\Users\Tim\AppData\Roaming\newnext.me, Quarantined, [4a5f888a8af282b4b94df9eef50d7f81], PUP.Optional.NextLive.A, C:\Users\Tim\AppData\Roaming\newnext.me\cache, Quarantined, [4a5f888a8af282b4b94df9eef50d7f81], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com, Quarantined, 
[f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\components, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\buttons, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\buttons\sparkline, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\de_DE, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\es_ES, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\fr_FR, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\it_IT, Quarantined, [f9b0b55d136930060ea58e5c946e51af], 
PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\ja_JP, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\zh_CN, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\oemdefault, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\defaults, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\defaults\preferences, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale\en-US, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale\zh-CN, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\META-INF, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\images, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\oemdefault, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\bubblebox, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.Datamngr.A, C:\Users\Tim\AppData\LocalLow\DataMngr, Quarantined, [703918fa46365dd9dcd7f0fb857d8e72], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, 
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, Quarantined, [f7b2888add9fd462b8abb63ece347090], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\Local\somotomoviestoolbar1, Quarantined, [0a9f947e88f40b2b79931adc2ed42ad6], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\Local\somotomoviestoolbar1\GC, Quarantined, [0a9f947e88f40b2b79931adc2ed42ad6], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.SearchProtect.A, C:\Users\Tim\AppData\Local\SearchProtect, Quarantined, [4564e0326f0d7bbb38ce6b9060a235cb], PUP.Optional.SearchProtect.A, C:\Users\Tim\AppData\Local\SearchProtect\SearchProtect, Quarantined, [4564e0326f0d7bbb38ce6b9060a235cb], PUP.Optional.SearchProtect.A, C:\Users\Tim\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [4564e0326f0d7bbb38ce6b9060a235cb], PUP.Optional.SWBooster.A, C:\ProgramData\Supersoftware App\SW-Booster, Quarantined, [2b7e29e9fc80d4620edb6d8ef70bf50b], PUP.Optional.MultiPlug.A, C:\ProgramData\save onn, Quarantined, [6049b260e6965bdb2c4f26d6946e01ff], PUP.Optional.SystemSpeedup, C:\Users\Tim\AppData\Roaming\systweak\ssd, Quarantined, [208930e29ce09c9ab95451ad51b1e917], PUP.Optional.OnlySearch, C:\Users\Tim\AppData\Local\onlysearch, Quarantined, [eabfe032fd7fb680f8b147c2de254fb1], PUP.Optional.OnlySearch, C:\Users\Tim\AppData\Local\onlysearch\onlysearch, Quarantined, [eabfe032fd7fb680f8b147c2de254fb1], PUP.Optional.OnlySearch, C:\Users\Tim\AppData\Local\onlysearch\onlysearch\1.3.12.9, Quarantined, 
[eabfe032fd7fb680f8b147c2de254fb1], PUP.Optional.SearchResultsTB.A, C:\Users\Tim\AppData\LocalLow\searchresultstb, Quarantined, [0d9c09091d5f4aec87598c7e20e3768a], Files: 370 PUP.Optional.SuperSoftwareApp.A, C:\ProgramData\InstallMate\{17264FB8-48C3-4997-AB7C-00E1CCC56D4E}\Custom.dll, Quarantined, [a405b75b96e6ff37dfe61339c43cf808], PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Roaming\OpenCandy\26F90EA5A1B3420FB0393DE4C8C176E2\sp-downloader.exe, Quarantined, [decb54be245834027371b27d6a9733cd], PUP.Optional.Searchprotect, C:\Program Files (x86)\Amazon Browser Bar\search_protect.exe, Quarantined, [0c9db95904785ed89852cc6203fe926e], PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [3178bf5395e7a39361749906689907f9], PUP.Optional.WebPlayer.A, C:\Users\Tim\AppData\Local\WebPlayer\installer.js, Quarantined, [e8c1fd1596e6340241ad71b09271ee12], PUP.Optional.WebPlayer.A, C:\Users\Tim\AppData\Local\WebPlayer\common.js, Quarantined, [e8c1fd1596e6340241ad71b09271ee12], PUP.Optional.WebPlayer.A, C:\Users\Tim\AppData\Local\WebPlayer\Uninstall.exe, Quarantined, [e8c1fd1596e6340241ad71b09271ee12], PUP.Optional.BitGuard.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\BitGuard.xml, Quarantined, [a504fd15b4c8270f43fba5800300649c], PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\Dealply, Quarantined, [10999e74a5d7cc6a3c7bdc49e71c7888], PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, Quarantined, [b2f7070bd7a5ea4cc9ee0025ae554fb1], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_baodmgdpdoelldjmkhknbolcldnfjegg_0.localstorage, Quarantined, [8b1e16fcc6b621154ec335f754af3bc5], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi, Quarantined, [5059759d710b14227d9c50e0f70c47b9], PUP.Optional.Iminent.A, 
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [6a3fd240df9d181e40ebf141c73cd927], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfeggemggokijeahnacacopejaabljl_0.localstorage, Quarantined, [3d6c3fd396e658decc44f14a1de651af], PUP.Optional.DefaultSearch.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\default-search.xml, Quarantined, [2b7e4cc66e0e63d3a59d0b308d76fa06], PUP.Optional.Babylon.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\babylon.xml, Quarantined, [aefb2be7a0dcc373415040fdf21148b8], PUP.Optional.WebSearch.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\Web Search.xml, Quarantined, [3079b55d3f3d73c37d1ae15d996ac040], PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [f9b0c84a99e32a0c6f3bff4516edd828], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, Quarantined, [8a1fd63c84f830060c81c7910afad62a], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Local\Amazon Browser Bar\protect.xml, Quarantined, [0a9f040e681469cd1a0d8fd627dd53ad], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.ini, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser 
Bar\installer.xml, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe, Delete-on-Reboot, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\uninstall.exe, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\uninstall.ico, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\uninstall.json, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\update.xml, Quarantined, [9f0ab0628defdc5a81a787de0004b749], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\Delta.ico, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\BabMaint.exe, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\BUSolution.dll, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\chu.js, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\enhancedNT.dll, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\GUninstaller.exe, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\SetupParams.ini, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\BabSolution\Shared\sqlite3.dll, Quarantined, [dacf35dd720a52e4fe94df9d35cfe31d], PUP.Optional.DataMgr.A, C:\Users\Tim\AppData\Roaming\DataMgr\DataMgr.exe, Quarantined, [5158d73b43395fd7128bd1af38cc7888], PUP.Optional.SearchProtect, 
[f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\bubblebox\img-bublebox-top.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\btn-close-over.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\btn-close.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxB.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxL.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxLB.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxLT.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxPK.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxR.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxRB.png, Quarantined, 
[f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxRT.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxRT2.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\img-boxT.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\gadget\spinner.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\1.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\2.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\3.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\4.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\5.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\6.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\7.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\8.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\9.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\a.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\b.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\c.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\d.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\e.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\f.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rank\x.png, 
Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.0.0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.0.5.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.1.0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.1.5.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.2.0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.2.5.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.3.0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.3.5.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.4.0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.4.5.png, 
Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.5.0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\stars.unrated.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\write-disabled.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\write-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\reviews\write.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000202.ldb, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000222.ldb, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000226.log, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\CURRENT, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension 
Settings\mpfeggemggokijeahnacacopejaabljl\LOCK, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOG, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOG.old, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\MANIFEST-000224, Quarantined, [1396a36f790346f03f347d6f50b2be42], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\ads.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\contextualClickProcessor.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\country.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\deferredXhr.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\dependencies.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\icon.png, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, 
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\main.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\manifest.json, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\ping.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\pingurl.txt, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\rmPopup.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams.json, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sss.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\tracking.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\utils.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams\background.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, 
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams\content.js, Quarantined, [edbcf0220a72092df66c7084e71b30d0], PUP.Optional.OfferMosquito.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, Quarantined, [f7b2888add9fd462b8abb63ece347090], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx, Quarantined, [0a9f947e88f40b2b79931adc2ed42ad6], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\apnuserid.dat, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\appid.dat, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\dtx.ini, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\geodata.xml, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\guid.dat, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\preferences.dat, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\setupCfg.xml, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\sysid.dat, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.MoviesToolBar.A, C:\Users\Tim\AppData\LocalLow\somotomoviestoolbar1\trackid.dat, Quarantined, [6f3ac94947352f07cc427a7c7d85cc34], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\000005.sst, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], 
PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\000006.log, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\CURRENT, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\LOCK, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\LOG, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\LOG.old, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\baodmgdpdoelldjmkhknbolcldnfjegg\MANIFEST-000004, Quarantined, [8c1d3bd72755c3738c82f5037a888c74], PUP.Optional.SearchProtect.A, C:\Users\Tim\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [4564e0326f0d7bbb38ce6b9060a235cb], PUP.Optional.SWBooster.A, C:\ProgramData\Supersoftware App\SW-Booster\860614263.ini, Quarantined, [2b7e29e9fc80d4620edb6d8ef70bf50b], PUP.Optional.SystemSpeedup, C:\Users\Tim\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [208930e29ce09c9ab95451ad51b1e917], PUP.Optional.Trovi, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search");), Replaced,[5b4ef51dd6a6ad8920b080cb778ed32d] PUP.Optional.Trovi.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: 
(user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=55&CUI=&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32&SSPV=");), Replaced,[139651c195e783b3b7a629237491b44c] PUP.Optional.Trovi.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MD9FA8ED2-3985-4317-99CC-AE8EAED9EFC5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPAC1CE425-77E8-4B7C-90C6-A9D2F041ED32");), Replaced,[3c6d7b973943d462580683c957aeea16] PUP.Optional.CrossRider.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "142763724fa6757dc7a5a39a97b4a000");), Replaced,[6049b0624b31ec4a635b54f82dd88e72] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[6e3b060c1a6224124095e76506fff20e] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[d6d3e52dcbb149ed716479d3be476b95] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[b2f7c949f587c57195402f1d4bbab34d] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[beeb43cfb6c63ff79b3a46061ee7b749] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "de");), Replaced,[6445789a0d6f0135a62f99b33fc68b75] 
PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[e8c12fe305777bbbd7fe6ae2c63f5ca4] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[abfe5bb775077abc05d0321ab451a759] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "b66ba37f00000000000000873155b06f");), Replaced,[61488d85621a6ec89144440815f005fb] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15917");), Replaced,[4762ee24a0dcab8be1f495b727dedc24] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[b9f03dd5e5970a2cc90ce3699e67b947] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[7a2f4fc32d4f42f4b61f61eb10f5817f] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[8227dd3581fbff37b91c91bb8184fd03] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[09a06da56c100135cd08c686d431956b] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[6b3edb376418ed4930a52c2014f1639d] PUP.Optional.Delta.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[8c1d26ec304c9f97399cbc9032d37e82] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[1b8e6da593e9e74ff2e34a025fa6ee12] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[bfea26ec324a7bbbc312b29a06ff44bc] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.22.0");), Replaced,[e6c3a969b8c4d165379ef55791746f91] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.22.020:26:43");), Replaced,[199024eedaa2db5bf2e3e3699f66a35d] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.22.0");), Replaced,[6247e62cff7d251118bdf05c897c6b95] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), Replaced,[2c7ddd35c6b6c76fbb1a8bc1a461b947] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4960");), Replaced,[8f1a5db5f08c82b4fadb91bb51b4669a] PUP.Optional.Delta.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), Replaced,[7336957dc8b48ea8449137157d88e818] Physical Sectors: 0 (No malicious items detected) (end) |
09.10.2014, 12:45 | #8 |
| tr/agent.83648 and others such as TR/Crypt found Here is the mdam.txt for now; I will send you the remaining things later, as I have to go to work briefly. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 09.10.2014 Scan Time: 12:58:59 Logfile: asd.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.09.05 Rootkit Database: v2014.10.08.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Tim Scan Type: Threat Scan Result: Completed Objects Scanned: 381233 Time Elapsed: 12 min, 11 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe, 2676, Delete-on-Reboot, [9f0ab0628defdc5a81a787de0004b749] Modules: 0 (No malicious items detected) Registry Keys: 61 PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, Quarantined, [a306e131b9c33cfa845038656c96bf41], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, Quarantined, [a306e131b9c33cfa845038656c96bf41], PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [43669082fc80b383d0248f42d032cd33], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [43669082fc80b383d0248f42d032cd33], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [3a6ff41e7b0182b4e30f2aa75da513ed], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [3a6ff41e7b0182b4e30f2aa75da513ed], PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [eebb1cf6c1bb0d297b50ddf5b44e4bb5], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, 
Registry Values: 11
Registry Data: 7
Folders: 67
Files: 370
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\toolbar.xml, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\toolbar1.xml, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\buttons\sparkline\sparkline.xml, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Cancel-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\firstrun.css, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\firstrun.js, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\firstrun.xul, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\firstupdate.js, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\firstupdate.xul, Quarantined, 
[f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Up-Arrow.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\de_DE\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\es_ES\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\fr_FR\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\it_IT\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\ja_JP\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\firstrun\Buttons\zh_CN\Continue-button.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\content\oemdefault\toolbar.xml, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\defaults\preferences\buttons.js, Quarantined, [f9b0b55d136930060ea58e5c946e51af], 
PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\defaults\preferences\install.js, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\defaults\preferences\preferences.js, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale\en-US\branding.dtd, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale\en-US\branding.properties, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale\zh-CN\branding.dtd, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\locale\zh-CN\branding.properties, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\META-INF\manifest.mf, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\META-INF\zigbert.rsa, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\META-INF\zigbert.sf, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\hotsearches.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], 
PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\siteinfo-down.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\1px-trans.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\a-smile-sm.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\about.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\add.ico, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\ai_bg.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa_internet.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alxtb2ff.css, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonbasket.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazongift.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonheart.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonlogo.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonmusic.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonorders.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonsearch.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazonwishlist.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazon_logo_small-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amazon_logo_small.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amzn-tb-options-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\amzn-tb-options.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\hoturls-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\hoturls.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\icon.ico, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\install.css, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\installed.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\ip-blocked.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\logo-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\logo.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\middot.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\myamazon.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\siteinfo-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\siteinfo-up-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\siteinfo-up.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\siteinfo.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\star.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\tl.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\tl.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\tl_arrow.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\tr.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\tr.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\twitter-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\twitter-new.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\twitter.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\twitterimdb-new.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\twitterimdb.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\update-arrow-down.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\url.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\wayback-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\wayback.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\wishlist.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\an_amazon_company.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\arrowdown.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\arrowdown_white.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\a_com_border.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\bl.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\bl.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\blank.htm, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\br.gif, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\br.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\catalog-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\catalog.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\china_comment.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\china_globe.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\close.xul, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\comment.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\default.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\hb.ico, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\hotsearches-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\overlay.css, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\related-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\related.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\rss.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\search-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\search-icon.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\search.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\separator.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\shim.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\shim_new.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\siteinfo-down-hover.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\1.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\2.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\3.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\4.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\5.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\6.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\7.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\8.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\9.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\a.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\b.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\c.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\d.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\e.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\f.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\g.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\graph0.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\graph1.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\graph10.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com\skin\alexa\graph2.png, Quarantined, [f9b0b55d136930060ea58e5c946e51af], PUP.Optional.AmazonTB.A, 
Physical Sectors: 0 (No malicious items detected) (end) |
09.10.2014, 16:44 | #9 |
| tr/agent.83648 and others such as TR/Crypt found
Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 09/10/2014 um 17:31:14 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Tim - TIM-PC # Gestartet von : C:\Users\Tim\Desktop\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\ParetoLogic Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\NCH Software Ordner Gelöscht : C:\Program Files (x86)\Common Files\337 Ordner Gelöscht : C:\Users\Tim\AppData\Local\FreeFixer Ordner Gelöscht : C:\Users\Tim\AppData\Local\genienext Ordner Gelöscht : C:\Users\Tim\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\Minibar Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Common\LuaRT Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\DataMgr Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\DriverCure Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\fbDownloader Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\FreeFixer Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\goforfiles Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Intermediate Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\ParetoLogic Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\SCheck Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Seventh Ordner Gelöscht : 
C:\Users\Tim\AppData\Roaming\Sixth Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Snz Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\SSync Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer Ordner Gelöscht : C:\Users\Tim\Documents\Mobogenie Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{D4A5FD5B-2243-4A66-9F96-9E488A2A4147} Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\128 Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\130 Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\plugin@getwebcake.com.xpi Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\snt@dotlabs.co.xpi Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Tim\daemonprocess.txt Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\invalidprefs.js Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\Ask.xml Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\BrowserDefender.xml Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\searchplugins\fbdownloader_search.xml ***** [ Tasks ] ***** Task Gelöscht : Dealply Task Gelöscht : DealPlyUpdate Task Gelöscht : Desk 365 RunAsStdUser Task Gelöscht : GoforFilesUpdate ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\AppsHat\Uninstall.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync] Schlüssel Gelöscht : HKCU\Software\SIEN SA Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Schlüssel Gelöscht : 
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKCU\Software\90d88be53feb17 Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-msn-emoticons-pack_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-msn-emoticons-pack_RASMANCS Schlüssel Gelöscht : HKCU\Software\APN DTX Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\Ciuvo Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\distromatic Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\GoforFiles Schlüssel Gelöscht : HKCU\Software\Linkey Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\OfferMosquito Schlüssel Gelöscht : HKCU\Software\ParetoLogic Schlüssel Gelöscht : HKCU\Software\powerpack Schlüssel Gelöscht : HKCU\Software\Protector Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc Schlüssel Gelöscht : HKLM\SOFTWARE\eSafeSecControl Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic Schlüssel Gelöscht : HKLM\SOFTWARE\SafetyNut Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\V9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeFixer1.11 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 Einstellung Wiederhergestellt : 
HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("extensions.3323.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "shoppinghelper");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "b567ea09-1f92-4c71-8aae-d0a160bc4759");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "19/08/2013");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "shoppinghelper");
Zeile gelöscht : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%affi[...]
Zeile gelöscht : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "3553");
Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":1029,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1386271405762 - processInstallationUpgrade - isUpgrade: false\n1386271405762 - processBrowserLoad - Bad mappingListJsonString: null\n1386271407263 - onFlagInfo[...]
Zeile gelöscht : user_pref("extensions.wajam.unique_id", "08E8352B4DD003C5ACC1511995B714C0");
Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");
Zeile gelöscht : user_pref("extentions.webcake.installId", "934b18f3-afd5-4634-a1f9-46262db50978");
Zeile gelöscht : user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizrate\",\[...]
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "FBDownloader Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : aaaaimdcedbpbcjjbbnfcbbjcngmomic
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : gbmdkmlcnbapgegninelmjbfibaghdmk

*************************

AdwCleaner[R0].txt - [27376 octets] - [09/10/2014 17:22:40]
AdwCleaner[S0].txt - [25617 octets] - [09/10/2014 17:31:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25678 octets] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tim on 09.10.2014 at 17:39:24,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Shopping-Chip
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files (x86)\qualitink"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.10.2014 at 17:41:12,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Tim (administrator) on TIM-PC on 09-10-2014 17:43:00 Running from C:\Users\Tim\Downloads Loaded Profile: Tim (Available profiles: Tim) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Amazon Cloud Player] => C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Spotify] => C:\Users\Tim\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-02] (Spotify Ltd) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-02] (Spotify Ltd) HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41EE424A6361CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a10918-135&apn_uid=3558326840134419&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p14_serp_ff_de_display?ie=UTF8&tagbase=bds-p14&tag=bds-p14-serp-de-ff-21&tbrId=v1_abb-channel-14_824b8ec2eec444daa4e1bb35160161a6_16_37_20130721_DE_ff_ab_&query= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web 
Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: LyricsFolder - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\116 [2013-06-21] FF Extension: LyricsWoofer - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\122 [2013-07-15] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-06-17] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: [{c052547f-f958-4865-852b-1a05276bead4}] - C:\Program Files (x86)\LyricsFolder\130.xpi FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com [Not Found] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\snt@dotlabs.co.xpi [Not Found] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR 
StartupUrls: Default -> "hxxp://www.google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-05] CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM-x32\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files (x86)\LyricsFolder\130.crx [] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-11-05] () [File not signed] R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) 
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-14] () R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8228240 2012-09-19] (Realtek Semiconductor Corp.) 
S1 ajycpdri; \??\C:\Windows\system32\drivers\ajycpdri.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 ddddhjup; \??\C:\Windows\system32\drivers\ddddhjup.sys [X] S3 dump_wmimmc; \??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [X] S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X] S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X] S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X] S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X] S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X] S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X] S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X] S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X] S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X] S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X] S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X] S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X] S1 xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X] S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X] S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-09 17:41 - 2014-10-09 17:41 - 00001167 _____ () C:\Users\Tim\Desktop\JRT.txt 2014-10-09 17:39 - 2014-10-09 17:39 - 00000000 ____D () C:\Windows\ERUNT 2014-10-09 17:22 - 2014-10-09 17:31 - 00000000 ____D () C:\AdwCleaner 2014-10-09 13:43 - 2014-10-09 13:43 - 00098525 _____ () C:\Users\Tim\Desktop\asd.txt 2014-10-09 13:33 - 2014-10-09 13:33 - 01705755 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe 2014-10-09 13:00 - 2014-10-09 13:00 - 01375089 _____ () C:\Users\Tim\Downloads\AdwCleaner_3.311.exe 2014-10-09 13:00 - 2014-10-09 13:00 - 01375089 _____ () C:\Users\Tim\Desktop\AdwCleaner_3.311.exe 2014-10-09 12:58 - 2014-10-09 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-09 12:58 - 2014-10-09 12:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-09 12:58 - 2014-10-09 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-09 12:58 - 2014-10-09 12:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-09 12:58 - 2014-10-09 12:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-09 12:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-09 12:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-09 12:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-09 12:57 - 2014-10-09 12:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe 2014-10-08 17:49 - 2014-10-08 17:49 - 00069828 _____ () C:\ComboFix.txt 2014-10-08 17:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-08 17:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-08 17:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-08 17:34 - 2000-08-31 
02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-08 17:31 - 2014-10-08 17:49 - 00000000 ____D () C:\Qoobox 2014-10-08 17:31 - 2014-10-08 17:47 - 00000000 ____D () C:\Windows\erdnt 2014-10-08 17:30 - 2014-10-08 17:29 - 05582481 ____R (Swearware) C:\Users\Tim\Desktop\ComboFix.exe 2014-10-08 17:29 - 2014-10-08 17:29 - 00003254 _____ () C:\Windows\System32\Tasks\{A83988EB-3058-4914-8DF9-0FDF0FCA5B92} 2014-10-08 17:27 - 2014-10-08 17:29 - 05582481 _____ (Swearware) C:\Users\Tim\Downloads\ComboFix.exe 2014-10-08 17:18 - 2014-10-08 17:18 - 00001271 _____ () C:\Users\Tim\Desktop\Revo Uninstaller.lnk 2014-10-08 17:18 - 2014-10-08 17:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-08 17:17 - 2014-10-08 17:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tim\Downloads\revosetup95.exe 2014-10-08 17:17 - 2014-10-08 17:17 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Tim\Desktop\revosetup95.exe 2014-10-07 20:19 - 2014-10-07 20:19 - 00051375 _____ () C:\Users\Tim\Desktop\FRST.txt 2014-10-07 20:19 - 2014-10-07 20:19 - 00038834 _____ () C:\Users\Tim\Desktop\Addition.txt 2014-10-07 20:18 - 2014-10-09 17:43 - 00019275 _____ () C:\Users\Tim\Downloads\FRST.txt 2014-10-07 20:18 - 2014-10-07 20:19 - 00038834 _____ () C:\Users\Tim\Downloads\Addition.txt 2014-10-07 20:17 - 2014-10-09 17:43 - 00000000 ____D () C:\FRST 2014-10-07 20:17 - 2014-10-07 20:17 - 02109952 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe 2014-10-07 18:12 - 2014-10-07 18:12 - 00000221 _____ () C:\Users\Tim\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url 2014-10-07 18:09 - 2014-10-07 18:11 - 00000000 ____D () C:\Users\Tim\Desktop\mw3 hacks 2014-10-06 18:17 - 2014-10-06 18:17 - 00070352 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-06 18:16 - 2014-10-09 17:35 - 00001232 _____ () C:\Windows\setupact.log 2014-10-06 18:16 - 2014-10-09 17:34 - 00148772 _____ () C:\Windows\PFRO.log 2014-10-06 18:16 - 2014-10-06 18:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-05 21:48 - 2014-10-05 21:59 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Wise Disk Cleaner 2014-10-05 21:48 - 2014-10-05 21:48 - 00001211 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk 2014-10-05 21:48 - 2014-10-05 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner 2014-10-05 21:48 - 2014-10-05 21:48 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-10-05 21:35 - 2014-10-05 21:35 - 00000000 ____D () C:\Users\Tim\Documents\FLiNGTrainer 2014-10-05 19:08 - 2014-10-05 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-04 23:30 - 2014-10-06 22:54 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\OBS 2014-10-04 23:30 - 2014-10-04 23:30 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-10-04 23:30 - 2014-10-04 
23:30 - 00000000 ____D () C:\Program Files\OBS 2014-10-04 23:29 - 2014-10-04 23:39 - 00000000 ____D () C:\Users\Tim\Desktop\twitch 2014-10-04 20:34 - 2014-10-04 20:34 - 00000000 ____D () C:\Users\Tim\Documents\WB Games 2014-10-04 15:43 - 2014-10-04 15:43 - 00000222 _____ () C:\Users\Tim\Desktop\Middle-earth Shadow of Mordor.url 2014-09-30 19:18 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 19:18 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 21:13 - 2014-09-29 21:13 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\StunlockStudios 2014-09-29 21:10 - 2014-09-29 21:10 - 00000000 ____D () C:\Users\Tim\Desktop\hack iss 2014-09-27 12:48 - 2014-09-27 12:48 - 00000222 _____ () C:\Users\Tim\Desktop\Dead Island Epidemic.url 2014-09-24 17:18 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 17:18 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-21 21:20 - 2014-09-21 21:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai 2014-09-20 17:04 - 2014-09-20 17:04 - 00000222 _____ () C:\Users\Tim\Desktop\Scribblenauts Unmasked.url 2014-09-10 22:55 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 22:55 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 22:55 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 22:55 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 22:55 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 22:55 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 22:55 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-09-10 22:55 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 22:55 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 22:55 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 22:55 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 22:55 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 22:55 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 22:55 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 22:55 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 22:55 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 22:55 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 22:55 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 22:55 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 22:55 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 22:55 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 22:55 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 22:55 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 22:55 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 22:55 - 2014-08-18 23:45 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 22:55 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 22:55 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 22:55 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 22:55 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 22:55 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 22:55 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 22:55 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 22:55 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 22:55 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 22:55 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 22:55 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 22:55 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 22:55 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 22:55 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 22:55 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 22:55 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 22:55 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 22:55 - 2014-08-18 23:19 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 22:55 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 22:55 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 22:55 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 22:55 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 22:55 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 22:55 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 22:55 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 22:55 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 22:55 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 22:55 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 22:55 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 22:55 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 22:55 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 22:36 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 22:36 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 14:26 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 14:26 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 14:26 - 2014-06-24 05:29 - 02565120 _____ (Microsoft 
Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 14:26 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 14:25 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 14:25 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 14:25 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 14:25 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 14:25 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-09 17:43 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-09 17:43 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-09 17:40 - 2013-06-04 21:51 - 02059457 _____ () C:\Windows\WindowsUpdate.log 2014-10-09 17:38 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify 2014-10-09 17:36 - 2014-01-05 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Local\LogMeIn Hamachi 2014-10-09 17:35 - 2013-06-04 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-09 17:34 - 2013-06-05 15:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-09 17:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-09 17:31 - 2013-09-21 20:18 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat 2014-10-09 17:31 - 2013-06-04 22:50 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000UA.job 2014-10-09 17:31 - 2013-06-04 22:11 - 00000000 ____D () C:\Users\Tim 2014-10-09 17:30 - 2013-06-04 22:50 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000Core.job 2014-10-09 17:21 - 2013-06-17 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-09 13:34 - 2014-06-08 18:45 - 00000000 ____D () C:\ProgramData\Supersoftware App 2014-10-09 12:58 - 2014-02-18 14:29 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-09 12:58 - 2014-01-23 21:39 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-09 12:58 - 2014-01-23 21:39 - 00119272 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-08 23:42 - 2013-06-04 22:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype 2014-10-08 17:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-08 17:38 - 2013-06-20 16:10 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-08 17:34 - 2013-06-04 22:59 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-10-08 17:21 - 2014-01-23 21:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-06 18:19 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify 2014-10-05 21:56 - 2014-07-04 21:32 - 00000000 ____D () C:\Users\Tim\Tracing 2014-10-05 21:54 - 2014-02-05 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles 2014-10-05 21:54 - 2013-12-07 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-10-05 21:54 - 2013-11-05 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive 2014-10-05 21:54 - 2013-11-01 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher 2014-10-05 21:54 - 2013-09-09 20:22 - 00000000 ____D () C:\Users\Tim\AppData\Local\CrashDumps 2014-10-05 21:54 - 2013-06-04 22:45 - 00000000 ____D () C:\Windows\Panther 2014-10-05 21:35 - 2014-08-07 23:43 - 00000000 ____D () C:\Users\Tim\Desktop\saveedit_r237 2014-10-05 19:08 - 2014-03-16 01:38 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-05 19:08 - 2013-06-04 22:41 - 00000000 ____D () C:\ProgramData\Skype 2014-10-05 19:08 - 2013-05-06 18:48 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-04 15:43 - 2014-06-14 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-02 16:36 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-29 21:09 - 2014-06-03 18:40 - 00123392 ___SH () C:\Users\Tim\Desktop\Thumbs.db 2014-09-26 23:36 - 2013-08-01 22:17 - 00000000 
____D () C:\ProgramData\Origin 2014-09-26 20:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-26 18:35 - 2013-10-29 15:24 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT 2014-09-26 17:45 - 2014-03-13 15:13 - 00001185 _____ () C:\Users\Public\Desktop\Titanfall.lnk 2014-09-26 17:33 - 2013-08-01 22:17 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-23 20:52 - 2013-06-17 18:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 20:52 - 2013-06-17 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 20:52 - 2013-06-17 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 12:54 - 2014-07-29 22:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\.minecraft 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-10 22:54 - 2013-06-04 23:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 22:54 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-09-10 22:54 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-09-10 22:53 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 22:52 - 2013-08-15 22:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 22:37 - 2013-06-08 12:45 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 22:36 - 2014-05-06 23:56 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-09 14:05 - 2013-10-04 16:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-09 14:04 - 2014-09-05 15:56 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-09 14:04 - 2014-01-23 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Some content of TEMP: ==================== C:\Users\Tim\AppData\Local\Temp\avgnt.exe 
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe [2014-03-23 01:42] - [2011-08-19 17:39] - 2388992 ____A (Microsoft Corporation) 7A688948605A6E4261653E2B4D87F0B2 C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 20:14 ==================== End Of Log ============================ --- --- --- |
10.10.2014, 11:41 | #10 |
/// the machine /// TB-Ausbilder | tr/agent.83648 and others such as TR/Crypt found ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
11.10.2014, 12:46 | #11 |
| tr/agent.83648 and others such as TR/Crypt found Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=776a4520528a4148b345a75ccfb983ab # engine=20538 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-10 08:09:50 # local_time=2014-10-10 10:09:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 29341 25619815 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 28245 164601640 0 0 # scanned=480044 # found=65 # cleaned=0 # scan_time=20757 sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tim\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tim\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tim\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. 
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Wise Disk Cleaner 8.31
Java 7 Update 67
Java SE Development Kit 7 Update 51
Adobe Flash Player 15.0.0.152
Mozilla Firefox 24.0 Firefox out of Date!
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Tim (administrator) on TIM-PC on 10-10-2014 22:37:21
Running from C:\Users\Tim\Downloads
Loaded Profile: Tim (Available profiles: Tim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.224\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.8\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.112\deploy\LolClient.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Amazon Cloud Player] => C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Spotify] => C:\Users\Tim\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-02] (Spotify Ltd)
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-02] (Spotify Ltd)
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-55065230-3091527404-1719944264-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41EE424A6361CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a10918-135&apn_uid=3558326840134419&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p14_serp_ff_de_display?ie=UTF8&tagbase=bds-p14&tag=bds-p14-serp-de-ff-21&tbrId=v1_abb-channel-14_824b8ec2eec444daa4e1bb35160161a6_16_37_20130721_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: LyricsFolder - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\116 [2013-06-21]
FF Extension: LyricsWoofer - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\122 [2013-07-15]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-06-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{c052547f-f958-4865-852b-1a05276bead4}] - C:\Program Files (x86)\LyricsFolder\130.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\snt@dotlabs.co.xpi [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files (x86)\LyricsFolder\130.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-11-05] () [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-14] () R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8228240 2012-09-19] (Realtek Semiconductor Corp.) 
S1 ajycpdri; \??\C:\Windows\system32\drivers\ajycpdri.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 ddddhjup; \??\C:\Windows\system32\drivers\ddddhjup.sys [X] S3 dump_wmimmc; \??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [X] S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X] S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X] S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X] S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X] S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X] S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X] S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X] S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X] S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X] S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X] S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X] S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X] S1 xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X] S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X] S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-10 22:32 - 2014-10-10 22:31 - 00854417 _____ () C:\Users\Tim\Desktop\SecurityCheck.exe 2014-10-10 22:31 - 2014-10-10 22:31 - 00854417 _____ () C:\Users\Tim\Downloads\SecurityCheck.exe 2014-10-10 14:02 - 2014-10-10 14:02 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe 2014-10-09 18:15 - 2014-10-09 18:15 - 06099029 _____ () C:\Users\Tim\Downloads\ScamberZLauncher_1.3.9_Alpha.rar 2014-10-09 17:39 - 2014-10-09 17:39 - 00000000 ____D () C:\Windows\ERUNT 2014-10-09 17:22 - 2014-10-09 17:31 - 00000000 ____D () C:\AdwCleaner 2014-10-09 13:33 - 2014-10-09 13:33 - 01705755 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe 2014-10-09 13:00 - 2014-10-09 13:00 - 01375089 _____ () C:\Users\Tim\Downloads\AdwCleaner_3.311.exe 2014-10-09 12:58 - 2014-10-09 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-09 12:58 - 2014-10-09 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-09 12:58 - 2014-10-09 12:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-09 12:58 - 2014-10-09 12:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-09 12:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-09 12:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-09 12:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-09 12:57 - 2014-10-09 12:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe 2014-10-08 17:49 - 2014-10-08 17:49 - 00069828 _____ () C:\ComboFix.txt 2014-10-08 17:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-08 17:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-08 17:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 
2014-10-08 17:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-08 17:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-08 17:31 - 2014-10-08 17:49 - 00000000 ____D () C:\Qoobox 2014-10-08 17:31 - 2014-10-08 17:47 - 00000000 ____D () C:\Windows\erdnt 2014-10-08 17:29 - 2014-10-08 17:29 - 00003254 _____ () C:\Windows\System32\Tasks\{A83988EB-3058-4914-8DF9-0FDF0FCA5B92} 2014-10-08 17:27 - 2014-10-08 17:29 - 05582481 _____ (Swearware) C:\Users\Tim\Downloads\ComboFix.exe 2014-10-08 17:18 - 2014-10-08 17:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-08 17:17 - 2014-10-08 17:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tim\Downloads\revosetup95.exe 2014-10-07 20:18 - 2014-10-10 22:37 - 00020426 _____ () C:\Users\Tim\Downloads\FRST.txt 2014-10-07 20:18 - 2014-10-07 20:19 - 00038834 _____ () C:\Users\Tim\Downloads\Addition.txt 2014-10-07 20:17 - 2014-10-10 22:37 - 00000000 ____D () C:\FRST 2014-10-07 20:17 - 2014-10-07 20:17 - 02109952 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe 2014-10-07 18:12 - 2014-10-07 18:12 - 00000221 _____ () C:\Users\Tim\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url 2014-10-06 18:17 - 2014-10-06 18:17 - 00070352 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-06 18:16 - 2014-10-10 15:53 - 00002912 _____ () C:\Windows\setupact.log 2014-10-06 18:16 - 2014-10-09 17:34 - 00148772 _____ () C:\Windows\PFRO.log 2014-10-06 18:16 - 2014-10-06 18:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-05 21:48 - 2014-10-05 21:59 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Wise Disk Cleaner 2014-10-05 21:48 - 2014-10-05 21:48 - 00001211 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk 2014-10-05 21:48 - 
2014-10-05 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner 2014-10-05 21:48 - 2014-10-05 21:48 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-10-05 21:35 - 2014-10-05 21:35 - 00000000 ____D () C:\Users\Tim\Documents\FLiNGTrainer 2014-10-05 19:08 - 2014-10-05 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-04 23:30 - 2014-10-06 22:54 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\OBS 2014-10-04 23:30 - 2014-10-04 23:30 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-10-04 23:30 - 2014-10-04 23:30 - 00000000 ____D () C:\Program Files\OBS 2014-10-04 23:29 - 2014-10-04 23:39 - 00000000 ____D () C:\Users\Tim\Desktop\twitch 2014-10-04 20:34 - 2014-10-04 20:34 - 00000000 ____D () C:\Users\Tim\Documents\WB Games 2014-10-04 15:43 - 2014-10-04 15:43 - 00000222 _____ () C:\Users\Tim\Desktop\Middle-earth Shadow of Mordor.url 2014-09-30 19:18 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 19:18 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 21:13 - 2014-09-29 21:13 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\StunlockStudios 2014-09-29 21:10 - 2014-09-29 21:10 - 00000000 ____D () C:\Users\Tim\Desktop\hack iss 2014-09-27 12:48 - 2014-09-27 12:48 - 00000222 _____ () C:\Users\Tim\Desktop\Dead Island Epidemic.url 2014-09-24 17:18 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 17:18 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-21 21:20 - 2014-09-21 21:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai 2014-09-20 17:04 - 2014-09-20 17:04 - 00000222 _____ () C:\Users\Tim\Desktop\Scribblenauts Unmasked.url 2014-09-10 22:55 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2014-09-10 22:55 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 22:55 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 22:55 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 22:55 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 22:55 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 22:55 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 22:55 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 22:55 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 22:55 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 22:55 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 22:55 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 22:55 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 22:55 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 22:55 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 22:55 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 22:55 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 22:55 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 22:55 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2014-09-10 22:55 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 22:55 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 22:55 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 22:55 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 22:55 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 22:55 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 22:55 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 22:55 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 22:55 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 22:55 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 22:55 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 22:55 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 22:55 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 22:55 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 22:55 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 22:55 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 22:55 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 22:55 - 2014-08-18 23:27 - 00365056 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 22:55 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 22:55 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 22:55 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 22:55 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 22:55 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 22:55 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 22:55 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 22:55 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 22:55 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 22:55 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 22:55 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 22:55 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 22:55 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 22:55 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 22:55 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 22:55 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 22:55 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 22:55 - 2014-08-18 22:38 - 00775168 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 22:55 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 22:36 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 22:36 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 14:26 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 14:26 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 14:26 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 14:26 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 14:25 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 14:25 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 14:25 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 14:25 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 14:25 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-10 22:34 - 2013-06-04 22:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype 2014-10-10 22:31 - 2013-06-04 22:50 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000UA.job 2014-10-10 21:52 - 2013-06-17 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-10 20:13 - 2013-06-04 21:51 - 01056633 _____ () C:\Windows\WindowsUpdate.log 2014-10-10 16:31 - 2013-06-04 22:50 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55065230-3091527404-1719944264-1000Core.job 2014-10-10 15:40 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify 2014-10-10 15:07 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-10 15:07 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-10 14:11 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify 2014-10-10 13:55 - 2014-01-05 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Local\LogMeIn Hamachi 2014-10-10 13:55 - 2013-06-04 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-10 13:54 - 2013-06-05 15:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-10 13:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-09 20:03 - 2014-02-02 11:02 - 00000000 ____D () C:\Users\Tim\AppData\Local\Battle.net 2014-10-09 19:34 - 2014-02-02 11:02 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Battle.net 2014-10-09 19:17 - 2014-04-25 23:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-10-09 19:12 - 2014-02-02 11:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-10-09 17:31 - 2013-09-21 20:18 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat 2014-10-09 17:31 - 2013-06-05 15:36 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Common 
2014-10-09 17:31 - 2013-06-04 22:11 - 00000000 ____D () C:\Users\Tim 2014-10-09 13:34 - 2014-06-08 18:45 - 00000000 ____D () C:\ProgramData\Supersoftware App 2014-10-09 12:58 - 2014-02-18 14:29 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-09 12:58 - 2014-01-23 21:39 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-09 12:58 - 2014-01-23 21:39 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-08 17:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-08 17:38 - 2013-06-20 16:10 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-08 17:34 - 2013-06-04 22:59 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-10-08 17:21 - 2014-01-23 21:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-05 21:56 - 2014-07-04 21:32 - 00000000 ____D () C:\Users\Tim\Tracing 2014-10-05 21:54 - 2014-02-05 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles 2014-10-05 21:54 - 2013-12-07 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-10-05 21:54 - 2013-11-05 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive 2014-10-05 21:54 - 2013-11-01 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher 2014-10-05 21:54 - 2013-09-09 20:22 - 00000000 ____D () C:\Users\Tim\AppData\Local\CrashDumps 2014-10-05 21:54 - 2013-06-04 22:45 - 00000000 ____D () C:\Windows\Panther 2014-10-05 21:35 - 2014-08-07 23:43 - 00000000 ____D () C:\Users\Tim\Desktop\saveedit_r237 2014-10-05 19:08 - 2014-03-16 01:38 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-05 19:08 - 2013-06-04 22:41 - 00000000 ____D () C:\ProgramData\Skype 2014-10-05 19:08 - 2013-05-06 18:48 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-04 15:43 - 2014-06-14 22:58 - 
00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-02 16:36 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-29 21:09 - 2014-06-03 18:40 - 00123392 ___SH () C:\Users\Tim\Desktop\Thumbs.db 2014-09-26 23:36 - 2013-08-01 22:17 - 00000000 ____D () C:\ProgramData\Origin 2014-09-26 20:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-26 18:35 - 2013-10-29 15:24 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT 2014-09-26 17:45 - 2014-03-13 15:13 - 00001185 _____ () C:\Users\Public\Desktop\Titanfall.lnk 2014-09-26 17:33 - 2013-08-01 22:17 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-23 20:52 - 2013-06-17 18:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 20:52 - 2013-06-17 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 20:52 - 2013-06-17 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 12:54 - 2014-07-29 22:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\.minecraft 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-10 22:54 - 2013-06-04 23:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 22:54 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-09-10 22:54 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-09-10 22:53 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 22:52 - 2013-08-15 22:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 22:37 - 2013-06-08 12:45 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 22:36 - 2014-05-06 23:56 - 00000000 ___SD () C:\Windows\system32\CompatTel Some content of TEMP: ==================== C:\Users\Tim\AppData\Local\Temp\avgnt.exe 
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe [2014-03-23 01:42] - [2011-08-19 17:39] - 2388992 ____A (Microsoft Corporation) 7A688948605A6E4261653E2B4D87F0B2
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 20:14
==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
Edited by 123_Benutzer (11.10.2014 at 12:48) Reason: was not meant for the message, sry :) |
12.10.2014, 10:07 | #12 | |
/// the machine /// TB Trainer | tr/agent.83648 and others such as TR/Crypt found Delete the windows.old folder. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\snt@dotlabs.co.xpi [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X]
S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X]
S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X]
S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X]
S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X]
S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X]
S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X]
S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X]
S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X]
S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X]
S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X]
S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X]
S1 xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X]
S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X]
S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys [X]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.10.2014, 15:39 | #13 |
| tr/agent.83648 and others such as TR/Crypt found I have already emptied the windows.old folders but I can I delete the folder Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01 Ran by Tim at 2014-10-12 14:30:30 Run:1 Running from C:\Users\Tim\Desktop Loaded Profile: Tim (Available profiles: Tim) Boot Mode: Normal ============================================== Content of fixlist: ***************** FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com [Not Found] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\snt@dotlabs.co.xpi [Not Found] FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X] S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X] S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X] S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X] S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X] S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X] S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X] S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X] S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X] S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X] S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X] S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X] S1 
xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X] S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X] S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys [X] ***************** C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X] S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X] S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X] S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X] S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X] S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X] S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X] S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X] S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X] S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X] S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X] S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X] S1 xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X] S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X] S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys not found. ==== End of Fixlog ====
File name: explorer.exe Detection rate: 0 / 52
the "I" should read "not", sorry |
13.10.2014, 13:10 | #14 |
/// the machine /// TB trainer | tr/agent.83648 and others such as TR/Crypt found It would be nice if you would also run the fix completely.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
13.10.2014, 21:55 | #15 |
| tr/agent.83648 and others such as TR/Crypt found Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Tim at 2014-10-13 22:54:52 Run:2
Running from C:\Users\Tim\Desktop
Loaded Profile: Tim (Available profiles: Tim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\snt@dotlabs.co.xpi [Not Found]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 ebdyyzoi; \??\C:\Windows\system32\drivers\ebdyyzoi.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 fqnirfvl; \??\C:\Windows\system32\drivers\fqnirfvl.sys [X]
S1 gfjkjpfk; \??\C:\Windows\system32\drivers\gfjkjpfk.sys [X]
S1 gkxbvqyo; \??\C:\Windows\system32\drivers\gkxbvqyo.sys [X]
S1 hyptngcc; \??\C:\Windows\system32\drivers\hyptngcc.sys [X]
S1 jwucfrnp; \??\C:\Windows\system32\drivers\jwucfrnp.sys [X]
S1 qmsfutqv; \??\C:\Windows\system32\drivers\qmsfutqv.sys [X]
S1 tbrbiaza; \??\C:\Windows\system32\drivers\tbrbiaza.sys [X]
S1 tkhaqghs; \??\C:\Windows\system32\drivers\tkhaqghs.sys [X]
S1 toirfogb; \??\C:\Windows\system32\drivers\toirfogb.sys [X]
S1 ufuiaexx; \??\C:\Windows\system32\drivers\ufuiaexx.sys [X]
S1 vcnetjuh; \??\C:\Windows\system32\drivers\vcnetjuh.sys [X]
S1 wrijkzzv; \??\C:\Windows\system32\drivers\wrijkzzv.sys [X]
S1 xivgvwbn; \??\C:\Windows\system32\drivers\xivgvwbn.sys [X]
S1 yacabajr; \??\C:\Windows\system32\drivers\yacabajr.sys [X]
S1 zbfgcayp; \??\C:\Windows\system32\drivers\zbfgcayp.sys [X]
*****************

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\abb@amazon.com not found.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} not found.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\snt@dotlabs.co.xpi not found.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l1k9i5ge.default\extensions\om@offermosquito.com.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ebdyyzoi => Service deleted successfully.
esgiguard => Service deleted successfully.
fqnirfvl => Service deleted successfully.
gfjkjpfk => Service deleted successfully.
gkxbvqyo => Service deleted successfully.
hyptngcc => Service deleted successfully.
jwucfrnp => Service deleted successfully.
qmsfutqv => Service deleted successfully.
tbrbiaza => Service deleted successfully.
tkhaqghs => Service deleted successfully.
toirfogb => Service deleted successfully.
ufuiaexx => Service deleted successfully.
vcnetjuh => Service deleted successfully.
wrijkzzv => Service deleted successfully.
xivgvwbn => Service deleted successfully.
yacabajr => Service deleted successfully.
zbfgcayp => Service deleted successfully.

==== End of Fixlog ==== |