Pests of all kinds and how to fight them: Firefox opens ad windows, double underlining and colored highlighting (Windows 7)
09.12.2014, 19:43 | #1 |
| Good evening, I have just registered and, like many others, I have the same problem: for some time now ad banners have been opening on their own and words in texts are underlined. I use Firefox 34.0. I have ADblockplus installed. So as not to sit idle, I tried to fix the problem with ADWcleaner, Malware and various other programs, but unfortunately without success. I have now reached the point where I don't know what to do next, and I hope to get rid of this "crap" with your support. Regards, Oliver-T |
09.12.2014, 19:50 | #2 |
/// the machine /// TB trainer | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
10.12.2014, 14:17 | #3 |
| FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014 Ran by Broken Cue (ATTENTION: The logged in user is not administrator) on USER-PC on 09-12-2014 20:00:08 Running from C:\Users\Broken Cue\Desktop Loaded Profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\faktura + auftrag\2014\Pcfk32.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\RunOnce: [Adobe Speed Launcher] => 1418145287 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== 
Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1388768884-318842917-2379483617-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1388768884-318842917-2379483617-1010\Software\Microsoft\Internet Explorer\Main,Local Page = URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-1003] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-1004] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-1010] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-501] ATTENTION ==> Default URLSearchHook is missing. 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Broken Cue\AppData\Roaming\Mozilla\Firefox\Profiles\b2lbixkj.default-1413314260914 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Broken Cue\AppData\Roaming\Mozilla\Firefox\Profiles\b2lbixkj.default-1413314260914\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-09] FF HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Profile: C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20] CHR Extension: (Google Drive) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20] CHR Extension: (YouTube) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20] CHR Extension: (Google Search) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20] CHR Extension: (Google Wallet) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20] CHR Extension: (Gmail) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20] CHR StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. 
KG) [File not signed] R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-09] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [285208 2014-12-09] (Trend Micro Inc.) 
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG) R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-06] (Corsica) S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-09 20:00 - 2014-12-09 20:00 - 00012396 _____ () C:\Users\Broken Cue\Desktop\FRST.txt 2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe 2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe 2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip 2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt 2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit 2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) 
C:\Windows\system32\Drivers\tmcomm.sys 2014-12-09 08:36 - 2014-12-09 08:36 - 00000022 _____ () C:\Windows\S.dirmngr 2014-12-08 21:25 - 2014-12-08 21:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe 2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing 2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt 2014-12-07 21:32 - 2014-12-07 21:33 - 02153472 _____ () C:\Users\Oliver\Downloads\adwcleaner_4.104.exe 2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete 2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe 2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech 2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe 2014-12-07 14:02 - 2014-12-07 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google 2014-12-06 19:08 - 2014-12-09 19:08 - 00001356 _____ () C:\Windows\Tasks\QAKOG.job 2014-12-06 19:07 - 2014-12-09 19:07 - 00001706 _____ () C:\Windows\Tasks\LSHLRGPF.job 2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028 2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin 2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-12-06 19:05 - 2014-12-06 19:04 - 00106456 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Versandhelfer 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer 2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml 2014-11-23 03:00 - 2014-11-23 03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip 2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-12 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 18:19 - 2014-11-06 
04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 
18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 18:19 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 18:19 - 
2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 18:19 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 18:19 - 2014-10-14 02:46 - 
00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 18:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 18:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 18:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 18:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 18:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 18:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 18:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 18:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 18:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 18:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 18:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 18:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 18:16 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 18:16 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 18:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-09 20:00 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST 2014-12-09 19:41 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg 2014-12-09 19:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif 2014-12-09 18:18 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware 2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-09 17:43 - 2013-02-07 22:34 - 02034485 _____ () C:\Windows\WindowsUpdate.log 2014-12-09 08:51 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner 2014-12-09 08:44 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-09 08:44 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-09 08:38 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-09 08:36 - 2013-02-07 22:53 - 00848894 _____ () C:\Windows\PFRO.log 2014-12-09 08:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-09 08:36 - 2009-07-14 05:51 - 00045249 _____ () C:\Windows\setupact.log 2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt 2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt 2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google 2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program 
Files (x86)\Java 2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1 2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google 2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google 2014-12-07 21:35 - 2014-05-10 21:56 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-07 16:38 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors 2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk 2014-11-26 22:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP 2014-11-18 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT 2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-16 03:15 - 2013-02-08 22:37 - 00000000 ____D () 
C:\ProgramData\Microsoft Help 2014-11-16 03:09 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-16 03:03 - 2013-03-22 00:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014 Ran by Broken Cue at 2014-12-09 20:00:46 Running from C:\Users\Broken Cue\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) 
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Core FTP LE (HKLM-x32\...\CoreFTP) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free Audio CD Burner version 2.0.27.605 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.27.605 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Lexware faktura+auftrag 2014 (HKLM-x32\...\{4d54c3b8-5e73-4f9e-a810-07fc42ddb356}) (Version: 18.0.0.78 - 
Haufe-Lexware GmbH & Co.KG) Lexware faktura+auftrag 2014 (x32 Version: 18.51.00.0174 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (x32 Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) LisNord (HKLM-x32\...\{23FD98D9-0896-4DAD-9751-CA1F4D5B2AED}) (Version: 1.2 - Norditalia Ricambi srl) Macromedia Dreamweaver 8 (HKLM-x32\...\{44025BD7-AD10-4769-99AE-6378FD0303D6}) (Version: 8.0.0.2751 - Macromedia) Macromedia Extension Manager (HKLM-x32\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 
(HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visio Viewer 2013 (HKLM-x32\...\{95150000-0052-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) Napster Rienf Repair (HKLM-x32\...\{7FF8A00B-5FA7-4BD4-A6B9-131CE0D1FC11}) (Version: 1.1.9 - NA) Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek) TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer) (Version: 1.6 - Deutsche Post AG) Versandhelfer (x32 Version: 1.6 - Deutsche Post AG) Hidden VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - ) WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}) (Version: 17.0.10283 - WinZip Computing, S.L. ) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{926CFE9C-5C0C-4F37-B1FF-02639EFF4EC8}) (Version: 21.00.8480 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. 
Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\LSHLRGPF.job => ? Task: C:\Windows\Tasks\QAKOG.job => ? ==================== Loaded Modules (whitelisted) ============= 2013-05-20 12:57 - 2011-12-06 16:58 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2013-05-20 12:57 - 2011-12-06 16:58 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1388768884-318842917-2379483617-500 - Administrator - Disabled) Admin_OT (S-1-5-21-1388768884-318842917-2379483617-1004 - Administrator - Enabled) => C:\Users\Admin_OT Broken Cue (S-1-5-21-1388768884-318842917-2379483617-1009 - Limited - Enabled) => C:\Users\Broken Cue Gast (S-1-5-21-1388768884-318842917-2379483617-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-1388768884-318842917-2379483617-1002 - Limited - Enabled) NiclasPascal (S-1-5-21-1388768884-318842917-2379483617-1010 - Limited - Enabled) => C:\Users\NiclasPascal Oliver (S-1-5-21-1388768884-318842917-2379483617-1003 - Administrator - Enabled) => C:\Users\Oliver ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/09/2014 05:43:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: User-PC) Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (12/09/2014 05:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AdobeARMservice erreicht. Error: (12/09/2014 05:41:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (09/17/2014 09:24:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 256202 seconds with 360 seconds of active time. This session ended with a crash. Error: (09/16/2014 08:09:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 194098 seconds with 2460 seconds of active time. This session ended with a crash. Error: (08/21/2014 08:14:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/20/2014 00:48:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (06/20/2014 00:47:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/20/2014 00:47:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/21/2014 07:21:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 251192 seconds with 960 seconds of active time. This session ended with a crash. Error: (05/10/2014 10:30:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132045 seconds with 1560 seconds of active time. This session ended with a crash. Error: (02/26/2014 00:27:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 868566 seconds with 16020 seconds of active time. This session ended with a crash. Error: (11/27/2013 10:07:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. 
This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-07-28 17:25:33.613 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-28 17:25:33.613 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-28 17:25:33.613 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-28 17:25:33.603 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G640 @ 2.80GHz Percentage of memory in use: 76% Total physical RAM: 3767.47 MB Available physical RAM: 885.82 MB Total Pagefile: 7533.13 MB Available Pagefile: 3964.77 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:400.27 GB) NTFS Drive f: (Externe Festplatte) (Fixed) (Total:233.76 GB) (Free:2.45 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================
I have posted the log files. I hope that is correct. Regards, Oliver-T |
11.12.2014, 09:25 | #4 |
/// the machine /// TB Trainer | Firefox opens ad windows, double underlining and colored highlighting Our tools always need admin rights. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
11.12.2014, 17:44 | #5 |
| Firefox opens ad windows, double underlining and colored highlighting Hello, here is the ComboFix log file. Code:
ATTFilter ComboFix 14-12-10.03 - Admin_OT 11.12.2014 17:33:14.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.2261 [GMT 1:00] ausgeführt von:: c:\users\Admin_OT\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1&1 c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml c:\users\Admin_OT\AppData\Local\Adobe\ChromeInstaller.exe c:\users\Admin_OT\AppData\Local\Adobe\gccheck.exe c:\users\Admin_OT\AppData\Local\Adobe\GTB.exe c:\users\Admin_OT\AppData\Local\Adobe\gtbcheck.exe c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js 
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js c:\users\Admin_OT\AppData\Local\Google\Chrome 
SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\background.html c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\content.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\lsdb.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\manifest.json c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js c:\users\Admin_OT\AppData\Local\Google\Chrome 
SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences c:\users\Admin_OT\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\delegate.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\events.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\extensionDataStore.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\installer.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logFile.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logging.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\onBGDocumentLoad.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\newPopup.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\popup.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\reports.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\storageWrapper.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\updateManager.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\util.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\xhr.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\main.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\platformVersion.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\manifest.json c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\popup.html c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html 
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html 
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl c:\users\NiclasPascal\AppData\Local\Google\Chrome\User Data\Default\preferences c:\users\Oliver\AppData\Local\assembly\tmp c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl 
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\background.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\content.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\lsdb.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\manifest.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json 
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html 
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\background.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\chromeCoreFilesIndex.txt c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\crossriderManifest.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\manifest.xml c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\1.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\102.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\104.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\123.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\13.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\14.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\155.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\17.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\177.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\182.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\183.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\184.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\19.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\195.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\207.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\21.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\22.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\220.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\223.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\226.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\246.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\263.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\267.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\28.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\4.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\47.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\64.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\7.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\72.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\78.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\80.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\9.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\93.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\97.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\userCode\background.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\userCode\extension.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\actions\1.png c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon128.png c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon16.png c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon48.png c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\chrome.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\cookie.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\message.js 
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\monitor.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\pageAction.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\pageActionBG.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\background.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\app_api.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\bg_app_api.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\consts.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\cookie_store.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\crossriderAPI.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\delegate.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\events.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\extensionDataStore.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\installer.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logFile.js 
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logging.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\onBGDocumentLoad.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\newPopup.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\popup.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\reports.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\storageWrapper.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\updateManager.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\util.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\xhr.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\main.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\platformVersion.js c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\manifest.json c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\popup.html c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences c:\users\Oliver\AppData\Local\Google\Chrome\User Data\Default\preferences . . 
((((((((((((((((((((((( Dateien erstellt von 2014-11-11 bis 2014-12-11 )))))))))))))))))))))))))))))) . . 2014-12-11 16:39 . 2014-12-11 16:39 -------- d-----w- c:\users\OliverT\AppData\Local\temp 2014-12-11 16:39 . 2014-12-11 16:39 -------- d-----w- c:\users\Oliver\AppData\Local\temp 2014-12-11 15:50 . 2014-12-11 15:50 79064 ----a-w- c:\windows\system32\drivers\mifcmjj.sys 2014-12-10 21:31 . 2014-12-10 21:31 -------- d-sh--w- c:\users\NiclasPascal\AppData\Local\EmieBrowserModeList 2014-12-10 21:30 . 2014-12-10 21:30 -------- d-----w- c:\users\NiclasPascal\AppData\Roaming\Lexware 2014-12-10 21:30 . 2014-12-10 21:30 -------- d-----w- c:\users\NiclasPascal\AppData\Local\Lexware 2014-12-10 21:03 . 2014-09-16 18:58 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7DC52B3-6B04-4117-95C4-F6E82DABC105}\gapaengine.dll 2014-12-10 21:01 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB457E00-DC40-46E6-9D4C-C2F7C15AEBFE}\mpengine.dll 2014-12-09 16:46 . 2014-12-09 16:46 285208 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2014-12-08 20:25 . 2014-12-08 20:25 -------- d-----w- c:\program files (x86)\ESET 2014-12-08 19:15 . 2014-12-08 19:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-12-08 17:55 . 2014-12-08 18:41 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-12-08 17:50 . 2014-12-08 17:53 -------- d-----w- c:\users\Oliver\AppData\Roaming\Nico Mak Computing 2014-12-08 16:36 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-12-07 21:03 . 2014-12-07 21:03 -------- d-sh--w- c:\users\Oliver\AppData\Local\EmieBrowserModeList 2014-12-07 15:55 . 2014-12-07 15:55 -------- d-----w- C:\SUPERDelete 2014-12-07 15:46 . 2014-12-07 15:46 -------- d-----w- c:\users\Oliver\AppData\Local\Kromtech 2014-12-07 15:45 . 
2014-12-07 15:46 -------- d-----w- c:\programdata\Kromtech 2014-12-06 18:09 . 2014-12-06 18:09 -------- d-sh--w- c:\users\Admin_OT\AppData\Local\EmieBrowserModeList 2014-12-06 18:07 . 2014-12-07 16:16 -------- d-----w- c:\program files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028 2014-12-06 18:05 . 2014-12-06 18:05 2169 ----a-w- c:\windows\patsearch.bin 2014-11-26 21:40 . 2014-11-26 21:40 -------- d-----w- c:\program files (x86)\Versandhelfer 2014-11-19 15:30 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-19 15:30 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-19 15:30 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-19 15:30 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-12 17:17 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2014-11-12 17:16 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-11-12 17:16 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-11-12 17:16 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-10 21:39 . 2014-05-11 16:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-10 21:11 . 2014-12-10 21:11 1768604 ----a-w- C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 20:56 . 2014-12-10 20:56 1751655 ----a-w- C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-09 17:04 . 2014-12-09 17:04 978153 ----a-w- C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip 2014-12-08 19:14 . 2014-08-07 15:52 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-12-08 17:54 . 2014-05-11 16:36 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-26 21:10 . 
2013-02-08 21:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-11-26 21:10 . 2013-02-08 21:38 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-11-21 05:14 . 2014-05-11 16:36 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-21 05:14 . 2014-05-11 16:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-16 02:03 . 2013-03-21 23:41 103374192 ----a-w- c:\windows\system32\MRT.exe 2014-10-30 11:25 . 2013-02-08 21:43 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-09-16 18:58 . 2013-05-22 06:11 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] @="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}" [HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] 2012-09-24 15:47 868352 ----a-w- c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-10 5015040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128] "LexwareInfoService"="c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" [2014-11-21 54072] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-9-12 1427736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 cpuz134;cpuz134;c:\users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11drdr.sys [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 Lexware_Update_Service;Lexware Update Service;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *Deregistered* - tmcomm . Inhalt des "geplante Tasks" Ordners . 
2014-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 21:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] @="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}" [HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] 2012-09-24 15:48 944128 ----a-w- c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-07 398656] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Admin_OT\AppData\Roaming\Mozilla\Firefox\Profiles\6eovspcd.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-10 - (no file) Wow6432Node-HKCU-Run-genesis_08301302 - c:\users\admin_ot\appdata\local\genesis_08301302\genesis_08301302.exe Wow6432Node-HKCU-Run-PCKeeper2 - c:\program files\Kromtech\PCKeeper\PCKeeper.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-DesktopDock - c:\program files (x86)\Desktop Dock\DesktopDockappuninstall.exe AddRemove-genesis_08301302 - c:\users\admin_ot\appdata\local\genesis_08301302\genesis_08301302.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-12-11 17:41:02 ComboFix-quarantined-files.txt 2014-12-11 16:41 . Vor Suchlauf: 12 Verzeichnis(se), 433.701.474.304 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 433.310.285.824 Bytes frei . - - End Of File - - 7865619A8125C01BE756FAF660B5A81A A36C5E4F47E84449FF07ED3517B43A31 Gruß Oliver-T |
12.12.2014, 17:05 | #6 |
/// the machine /// TB-Ausbilder | Firefox opens ad windows, double underlining and colored highlighting Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please. |
12.12.2014, 19:56 | #7 |
| Firefox opens ad windows, double underlining and colored highlighting Hello, then let's get started. Here is the MBAM.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.12.2014 Suchlauf-Zeit: 18:46:53 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.12.05 Rootkit Datenbank: v2014.12.08.03 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Oliver Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 692952 Verstrichene Zeit: 31 Min, 43 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 12/12/2014 um 19:41:39 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-08.2 [Local] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Oliver - USER-PC # Gestartet von : C:\Users\Oliver\Desktop\adwcleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Oliver\Documents\Updater ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Nico Mak Computing ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17420 -\\ Mozilla Firefox v34.0.5 (x86 de) -\\ Google Chrome v -\\ Comodo Dragon v ************************* AdwCleaner[R19].txt - [3029 octets] - [07/12/2014 21:48:51] AdwCleaner[R20].txt - [3821 octets] - [08/12/2014 17:15:43] AdwCleaner[R21].txt - [3199 octets] - [08/12/2014 18:11:30] AdwCleaner[R22].txt - [1077 octets] - [09/12/2014 07:54:33] AdwCleaner[R23].txt - [2362 octets] - [09/12/2014 07:56:33] AdwCleaner[R24].txt - [2562 octets] - [09/12/2014 08:34:44] AdwCleaner[R25].txt - [1386 octets] - [09/12/2014 08:50:23] AdwCleaner[R26].txt - [1771 octets] - [10/12/2014 22:15:50] AdwCleaner[R27].txt - [1570 octets] - [10/12/2014 22:28:05] AdwCleaner[R28].txt - [1797 octets] - [12/12/2014 19:39:35] AdwCleaner[S17].txt - [3883 octets] - [08/12/2014 17:17:47] AdwCleaner[S18].txt - [2974 octets] - [09/12/2014 07:57:47] AdwCleaner[S19].txt - [2624 octets] - [09/12/2014 08:35:44] AdwCleaner[S20].txt - [1772 octets] - [10/12/2014 22:17:44] AdwCleaner[S21].txt - [1656 octets] - [12/12/2014 19:41:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S21].txt - [1717 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Home Premium x64 Ran by Oliver on 12.12.2014 at 19:46:27,57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\jhlrbz5d.default-1418246659869\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.12.2014 at 19:49:07,62 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02 Ran by Oliver (administrator) on USER-PC on 12-12-2014 19:53:33 Running from C:\Users\Oliver\Desktop Loaded Profile: Oliver (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Oliver\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\jhlrbz5d.default-1418246659869 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05] CHR StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt 2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt 2014-12-11 23:30 - 2014-12-12 19:42 - 00000022 _____ () C:\Windows\S.dirmngr 2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps 2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt 2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox 2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt 2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe 2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware 2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe 2014-12-10 22:24 - 2014-12-10 22:24 - 00000000 ____D () 
C:\Users\Oliver\Desktop\Alte Firefox-Daten 2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe 2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit 2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe 2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt 2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt 2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe 2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe 2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip 2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt 2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt 2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe 2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit 2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache 2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) 
C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe 2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt 2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt 2014-12-08 21:25 - 2014-12-08 21:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-08 20:35 - 2014-12-12 19:53 - 00010803 _____ () C:\Users\Oliver\Desktop\FRST.txt 2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt 2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe 2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe 2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-08 19:54 - 2014-12-08 19:54 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe 2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe 2014-12-08 19:50 - 2014-12-08 19:50 - 02119680 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64(1).exe 2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar 2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe 2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing 2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8 2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe 2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList 2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt 2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete 2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe 2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech 2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech 2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe 2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google 2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList 2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028 2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin 2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer 2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml 2014-11-23 03:00 - 2014-11-23 
03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip 2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2014-11-12 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 18:19 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2014-11-12 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 18:19 - 2014-11-06 04:02 - 00199680 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 18:19 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 18:19 - 2014-11-06 03:21 - 02051072 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 18:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft 
Corporation) C:\Windows\system32\packager.dll 2014-11-12 18:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 18:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 18:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 18:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 18:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 18:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 18:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 18:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 18:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 18:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 18:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 18:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 18:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 18:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 18:16 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 18:16 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 18:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-12 19:53 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST 2014-12-12 19:50 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-12 19:50 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-12 19:42 - 2013-02-07 22:53 - 00850334 _____ () C:\Windows\PFRO.log 2014-12-12 19:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-12 19:42 - 2009-07-14 05:51 - 00045473 _____ () C:\Windows\setupact.log 2014-12-12 19:41 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner 2014-12-12 19:41 - 2013-02-07 22:34 - 01513738 _____ () C:\Windows\WindowsUpdate.log 2014-12-12 19:12 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-12 18:54 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg 2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2014-12-11 17:50 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe 2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten 2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif 2014-12-09 18:18 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware 
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt 2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt 2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google 2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java 2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1 2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google 2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google 2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google 2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors 2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google 2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com 2014-11-26 22:40 - 
2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk 2014-11-26 22:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-26 22:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP 2014-11-18 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT 2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-16 03:09 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-16 03:03 - 2013-03-22 00:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg Some content of TEMP: ==================== C:\Users\Oliver\AppData\Local\temp\Quarantine.exe C:\Users\Oliver\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-06 00:59
==================== End Of Log ============================
--- --- --- --- --- ---
Thanks and regards, Oliver-T
13.12.2014, 17:06 | #8 |
/// the machine /// TB trainer | Firefox opens ad windows, double underlining and colored highlighting
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber
13.12.2014, 22:42 | #9 |
| Firefox opens ad windows, double underlining and colored highlighting
ESET.txt
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=216673ff8d3aa4489761df57b70010d1 # engine=21539 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-13 08:46:51 # local_time=2014-12-13 09:46:51 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 7806271 59816927 0 0 # scanned=196743 # found=289 # cleaned=0 # scan_time=6889 sh=FAD22902E5E04BBD7548327E2F3669F3C4398EBA ft=1 fh=dc410bb0cf0df48e vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat\utils.exe.vir" sh=C0CCC40BC759B407EAD343B0ED12894110984993 ft=1 fh=8ebe33363066074f vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll.vir" sh=D2144E71BF294132D1B7CC6492137C800C2C4FBF ft=1 fh=3d6507ec3da88c55 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll.vir" sh=86027C5A385E760601227D577CB3DC04FDF86070 ft=1 fh=0acb381ba3a86d74 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir" sh=8C2A40A90B2CD1CAA9BFF7E01399E40ED1DE1A0F ft=1 fh=83d2feaca1f3367f vn="Variante von Win32/Toolbar.SearchSuite.O evtl. 
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" 
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=6FC64C28956F5D941FFE08D3D7CACF6B616B4D3D ft=1 fh=7c17f4a215ad88f0 vn="Win32/AdWare.CycloneAd.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\pgcchelper\pgcchelper.exe.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\torch\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\torch\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\torch\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\torch\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\torch\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=614160DEF072B9AD4213165AE9E808D6F8619C6C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\d6ovhb3j.default\Extensions\ahzyiytuj@aoiapva.co.uk\content\bg.js.vir" sh=219B127C20B6B999A65DEF7CA0ED60C2D57E6691 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\d6ovhb3j.default\Extensions\zvwybvg@auemxl.edu\content\bg.js.vir" sh=336F3BCB48ECB1F5B206A8B1BCBD184D6AA9E8B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\ewi1n1o0.default-1403639340520\Extensions\39ed7c16-185d-4f88-b976-666d4928ba01@fe4550c1-7a4f-4a62-ad1c-45e0afdf81a4.com\extensionData\plugins\91.js.vir" sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\2380FA7369A341358520EE6E44D2296B\DeltaTB.exe.vir" sh=92962813AB03375D06DEEC70F8B145DFD7444489 ft=1 fh=be60b5ebbf004ae2 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\30A948F607E140A08204D129DFA17664\speedupmypcDE.exe.vir" sh=5B9F5D94F47E920E0768B8C097713AAC8092EDEB ft=1 fh=2a9c4b4e1e4f886e vn="Variante von Win32/DealPly.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir" sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=F39CDDB2BA3D32F7C139C1D0B4151334AABDB322 ft=1 fh=290aa484568ed9e5 vn="Variante von Win64/BrowseFox.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys.vir" sh=D96EE33410477EB0078681B5F03EA011E6EC2AA0 ft=1 fh=716f6450e5e50596 vn="Variante von Win64/BrowseFox.AY evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w64.sys.vir" sh=106E1261CC5B1FA6F7006910A3CDC10ACAE52E6D ft=1 fh=ef62475443475fff vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free FLV Converter\Helper.dll" sh=27D5724BA3C3D14065184558A434A0E78E742EDB ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{7AB5685C-83CF-4BD1-A93A-CBEDA1564AAA}\Custom.dll" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=6527D773A16878E428D8DE50D51F28FEA7AAD655 ft=1 fh=abbd31e330edcbad vn="Win32/AnyProtect.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\nsqD036.tmp.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome\User Data\default\extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome\User Data\default\extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" 
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir" sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir" sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir" sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir" sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir" sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js.vir" sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js" sh=27D5724BA3C3D14065184558A434A0E78E742EDB ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{7AB5685C-83CF-4BD1-A93A-CBEDA1564AAA}\Custom.dll" sh=55436CB2943A4D25CBC3B9367C413CD364C85050 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hniiadklfgdhjcmmkpggffjngihaaoip\1.26.31_0\extensionData\plugins\91.js" sh=B474C19AF67A3EA0369B9E000D40D1375F2A67BE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm\1.26.80_0\extensionData\plugins\91.js" sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js" sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NiclasPascal\AppData\Roaming\QAKOG" sh=55436CB2943A4D25CBC3B9367C413CD364C85050 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hniiadklfgdhjcmmkpggffjngihaaoip\1.26.31_0\extensionData\plugins\91.js" sh=B474C19AF67A3EA0369B9E000D40D1375F2A67BE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm\1.26.80_0\extensionData\plugins\91.js" sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js" sh=B7A1757508588C3F277B97F877A74350068370AD ft=1 fh=49b56f64fa90416e vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Desktop\wzmp_8.exe" sh=B8295405FD13046577AB28A5152FD1AD343E0AB7 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Oliver\Downloads\COMPUTER_BILD-Download-Manager_fuer_cdbxp_setup_4.5.3.4643.exe" sh=A8B9FDF9235176B686E94146EA769821C5492374 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Oliver\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeAudioCDBurner.exe" sh=A6A9207E483D8FFC9E5FD3B77033B983E4BC5671 ft=1 fh=c71c0011bde365a0 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\FreeAudioCDBurner(1).exe" sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\MyPhoneExplorer_1.8.5.exe" sh=B1F7740AC46A1750FC10DC4768D89DFCAD77E85C ft=1 fh=37bbe5db5c9182cf vn="Win32/Toolbar.Babylon.T evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ReimageRepair.exe" sh=B501C94EB2644AF094FE2008D214793AE243DAD9 ft=1 fh=1c5ab5e72fdaa7fe vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\Windows-KB890830-V5.14 - CHIP-Installer.exe" sh=33D5A5EED31629F3541DD8196065DCF6AB674F81 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\490d67f8.msi" Code:
Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246
Adobe Reader XI
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 Ran by Oliver (administrator) on USER-PC on 13-12-2014 22:38:12 Running from C:\Users\Oliver\Desktop Loaded Profiles: Oliver & Broken Cue (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe () C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe (g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe (g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\faktura + auftrag\2014\Pcfk32.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WzPreviewer32.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\RunOnce: [Adobe Speed Launcher] => 1418488634 HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\RunOnce: [Adobe Speed Launcher] => 1418468260 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1388768884-318842917-2379483617-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\jhlrbz5d.default-1418246659869 FF Plugin: 
@adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05] CHR StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-13 22:38 - 2014-12-13 22:38 - 02119168 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe 2014-12-13 22:38 - 2014-12-13 22:38 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion 2014-12-13 22:34 - 2014-12-13 22:34 - 00072706 _____ () C:\Users\Oliver\Desktop\ESET.txt 2014-12-13 19:51 - 2014-12-13 19:51 - 00852490 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe 2014-12-13 19:49 - 2014-12-13 19:49 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe 2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt 2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt 2014-12-11 23:30 - 2014-12-12 19:42 - 00000022 _____ () C:\Windows\S.dirmngr 2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps 2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt 2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ 
() C:\Windows\MBR.exe 2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox 2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt 2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe 2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware 2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe 2014-12-10 22:24 - 2014-12-10 22:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten 2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe 2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit 2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) 
C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe 2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt 2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt 2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe 2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe 2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip 2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt 2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt 2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe 2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit 2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache 2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) 
C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe 2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt 2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt 2014-12-08 21:25 - 2014-12-08 21:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-08 20:35 - 2014-12-13 22:38 - 00013198 _____ () C:\Users\Oliver\Desktop\FRST.txt 2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt 2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe 2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe 2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe 2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar 2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe 2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing 2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8 2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe 2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList 2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt 2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete 2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe 2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech 2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech 2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe 2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google 2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList 2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028 2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin 2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer 2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml 2014-11-23 03:00 - 2014-11-23 
03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip 2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-13 22:38 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST 2014-12-13 22:36 - 2013-02-07 22:34 - 01184265 _____ () C:\Windows\WindowsUpdate.log 2014-12-13 22:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-13 21:45 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg 2014-12-13 19:54 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner 2014-12-13 15:21 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-13 15:21 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-13 13:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-13 13:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-13 13:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-13 11:57 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware 
2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-12 19:42 - 2013-02-07 22:53 - 00850334 _____ () C:\Windows\PFRO.log 2014-12-12 19:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-12 19:42 - 2009-07-14 05:51 - 00045473 _____ () C:\Windows\setupact.log 2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2014-12-11 17:50 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe 2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten 2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif 2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt 2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt 2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google 2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java 2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1 2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google 2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google 2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google 2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors 2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google 2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com 2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk 2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP 2014-11-18 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT 2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-16 03:09 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-16 03:03 - 2013-03-22 00:41 - 103374192 _____ (Microsoft 
Corporation) C:\Windows\system32\MRT.exe 2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg Some content of TEMP: ==================== C:\Users\Oliver\AppData\Local\temp\IntResource.dll C:\Users\Oliver\AppData\Local\temp\Quarantine.exe C:\Users\Oliver\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 00:59 ==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
Thanks for the great support. The ad windows that kept popping up at random no longer appear, and it looks as if everything is in order again. However, I suspect that something is still present. When I run ADCleaner, it finds something again after a while. Which tools can I use to protect myself? Microsoft Essentials, or what else? Regards, Oliver-T |
14.12.2014, 16:32 | #10 |
/// the machine /// TB-Ausbilder | Firefox opens ad windows, double underlining and colored highlighting I always recommend Emsisoft. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\ProgramData\InstallMate
C:\Users\Gast\AppData\Local\Google\Chrome SxS
C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF
C:\Users\NiclasPascal\AppData\Roaming\QAKOG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Empty the Downloads folder. Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.12.2014, 19:53 | #11 |
| Firefox opens ad windows, double underlining and colored highlighting FixLog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014
Ran by Oliver at 2014-12-14 19:38:46 Run:1
Running from C:\Users\Oliver\Desktop
Loaded Profiles: Oliver & Broken Cue & NiclasPascal (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\ProgramData\InstallMate
C:\Users\Gast\AppData\Local\Google\Chrome SxS
C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF
C:\Users\NiclasPascal\AppData\Roaming\QAKOG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
Emptytemp:
*****************
C:\ProgramData\InstallMate => Moved successfully.
C:\Users\Gast\AppData\Local\Google\Chrome SxS => Moved successfully.
C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF => Moved successfully.
C:\Users\NiclasPascal\AppData\Roaming\QAKOG => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 405.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
A fresh FRST log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 Ran by Oliver (administrator) on USER-PC on 14-12-2014 19:50:47 Running from C:\Users\Oliver\Desktop Loaded Profile: Oliver (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\RunOnce: [Adobe Speed Launcher] => 1418582462 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\wnady7oq.default-1418582923771 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> 
C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05] CHR StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-14 19:44 - 2014-12-14 19:44 - 00001264 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk 2014-12-14 19:44 - 2014-12-14 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-14 19:43 - 2014-12-14 19:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Desktop\revosetup95.exe 2014-12-14 19:40 - 2014-12-14 19:40 - 00000022 _____ () C:\Windows\S.dirmngr 2014-12-14 15:50 - 2014-12-14 15:50 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\MyPhoneExplorer 2014-12-13 22:38 - 2014-12-14 19:38 - 02119680 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe 2014-12-13 22:38 - 2014-12-14 19:38 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion 2014-12-13 22:34 - 2014-12-13 22:34 - 00072706 _____ () C:\Users\Oliver\Desktop\ESET.txt 2014-12-13 19:51 - 2014-12-13 19:51 - 00852490 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe 2014-12-13 19:49 - 2014-12-13 19:49 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe 2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt 2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt 2014-12-11 23:12 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 23:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 23:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 23:12 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 23:12 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 23:12 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 23:12 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 23:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 23:12 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 23:12 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 23:12 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 23:12 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 23:12 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 23:12 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-11 23:12 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 23:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 23:12 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 23:12 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 23:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 23:12 - 2014-11-22 03:22 - 00490496 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 23:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 23:12 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 23:12 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 23:12 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 23:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 23:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 23:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 23:12 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 23:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 23:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 23:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 23:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 23:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 23:12 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-11 23:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 23:12 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 23:12 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 23:12 - 2014-11-22 02:47 - 01359360 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 23:12 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 23:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 23:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 23:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 23:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 23:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 23:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 23:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 23:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 23:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 23:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 23:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 23:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 23:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 23:12 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 23:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 23:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 23:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 23:12 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 23:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps 2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt 2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox 2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt 2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe 2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware 2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe 2014-12-10 22:24 - 2014-12-14 19:48 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten 2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () 
C:\Users\Oliver\Desktop\adwcleaner_4.105.exe 2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit 2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe 2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt 2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt 2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe 2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe 2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip 2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt 2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt 2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe 2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit 2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache 2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) 
C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe 2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt 2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt 2014-12-08 20:35 - 2014-12-14 19:50 - 00011374 _____ () C:\Users\Oliver\Desktop\FRST.txt 2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt 2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe 2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe 2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe 2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar 2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe 2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing 2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8 2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe 2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList 2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt 2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete 2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe 2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech 2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech 2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe 2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google 2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList 2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028 2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin 2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer 2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml 2014-11-23 03:00 - 2014-11-23 
03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip 2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-14 19:50 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST 2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-14 19:40 - 2013-02-07 22:53 - 00856120 _____ () C:\Windows\PFRO.log 2014-12-14 19:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-14 19:40 - 2009-07-14 05:51 - 00045641 _____ () C:\Windows\setupact.log 2014-12-14 19:39 - 2013-02-07 22:34 - 01405368 _____ () C:\Windows\WindowsUpdate.log 2014-12-14 19:38 - 2014-05-10 14:43 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-12-14 19:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-14 18:42 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg 2014-12-14 14:03 - 2013-05-20 16:45 - 00000000 ____D () C:\Users\Oliver\Documents\Add-in Express 2014-12-14 14:03 - 2013-05-20 13:01 - 00000000 ____D () C:\Users\Oliver 2014-12-14 13:44 
- 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware 2014-12-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-14 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-14 03:06 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-14 03:02 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-14 03:02 - 2013-03-22 00:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-13 19:54 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner 2014-12-13 13:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-13 13:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-13 13:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources 2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe 2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten 2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif 2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () 
C:\Users\Oliver\Downloads\Addition.txt 2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt 2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google 2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java 2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1 2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google 2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google 2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google 2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors 2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google 2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com 2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk 2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP 2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT 2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 00:59 ==================== End Of Log ============================ --- --- --- --- --- --- |
15.12.2014, 19:15 | #12 |
/// the machine /// TB Trainer | Firefox opens ad windows, double underlining and colored highlighting
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Another fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
15.12.2014, 22:16 | #13 |
| Firefox opens ad windows, double underlining and colored highlighting
Here is the Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Oliver at 2014-12-15 22:11:45 Run:2
Running from C:\Users\Oliver\Desktop
Loaded Profiles: Oliver & Broken Cue (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog ====
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01 Ran by Oliver (administrator) on USER-PC on 15-12-2014 22:14:34 Running from C:\Users\Oliver\Desktop Loaded Profiles: Oliver & Broken Cue (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe () C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe () C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe (g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe (g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\faktura + auftrag\2014\Pcfk32.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4954576 2014-12-01] (Emsisoft GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom) HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\RunOnce: [Adobe Speed Launcher] => 1418582462 HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\RunOnce: [Adobe Speed Launcher] => 1418589010 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk 
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1388768884-318842917-2379483617-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) 
Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\wnady7oq.default-1418582923771 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\wnady7oq.default-1418582923771\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-14] FF HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05] CHR StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-14 21:34 - 2014-12-14 21:34 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-12-14 19:59 - 2014-12-14 19:59 - 00001091 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-12-14 19:59 - 2014-12-14 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-12-14 19:58 - 2014-12-15 21:54 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-12-14 19:55 - 2014-12-14 19:57 - 168803768 _____ (Emsisoft Ltd ) C:\Users\Oliver\Downloads\EmsisoftAntiMalwareSetup.exe 2014-12-14 19:44 - 2014-12-14 19:44 - 00001264 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk 2014-12-14 19:44 - 2014-12-14 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-14 19:43 - 2014-12-14 19:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Desktop\revosetup95.exe 2014-12-14 19:40 - 2014-12-14 19:40 - 00000022 _____ () C:\Windows\S.dirmngr 2014-12-14 15:50 - 2014-12-14 15:50 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\MyPhoneExplorer 2014-12-13 22:38 - 2014-12-15 22:11 - 02119168 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe 2014-12-13 22:38 - 2014-12-15 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion 2014-12-13 22:34 - 2014-12-13 22:34 - 00072706 _____ () C:\Users\Oliver\Desktop\ESET.txt 2014-12-13 19:51 - 2014-12-13 19:51 - 00852490 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe 2014-12-13 19:49 - 2014-12-13 19:49 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe 2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt 2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt 2014-12-11 23:12 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 23:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 23:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2014-12-11 23:12 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 23:12 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 23:12 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 23:12 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 23:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 23:12 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 23:12 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 23:12 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 23:12 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 23:12 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 23:12 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-11 23:12 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 23:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 23:12 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 23:12 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 23:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 23:12 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 23:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 23:12 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 23:12 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 23:12 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 23:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 23:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 23:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 23:12 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 23:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 23:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 23:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 23:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 23:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 23:12 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-11 23:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 23:12 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 23:12 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 23:12 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 23:12 - 2014-11-22 02:46 - 02125312 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 23:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 23:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 23:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 23:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 23:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 23:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 23:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 23:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 23:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 23:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 23:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 23:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 23:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 23:12 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 23:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 23:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 23:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 23:12 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll 2014-12-11 23:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 23:09 - 2014-12-15 22:11 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps 2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt 2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox 2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt 2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe 2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware 2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware 2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe 2014-12-10 22:24 - 2014-12-14 19:48 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten 2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe 2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () 
C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit 2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip 2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe 2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt 2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt 2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe 2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe 2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip 2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt 2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt 2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe 2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit 2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache 2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) 
C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe 2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt 2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt 2014-12-08 20:35 - 2014-12-15 22:14 - 00013841 _____ () C:\Users\Oliver\Desktop\FRST.txt 2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt 2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe 2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe 2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe 2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar 2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe 2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing 2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8 2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe 2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList 2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt 2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete 2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe 2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech 2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech 2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe 2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google 2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList 2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028 2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin 2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer 2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer 2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml 2014-11-23 03:00 - 2014-11-23 
03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 22:14 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST
2014-12-15 22:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 22:06 - 2013-02-07 22:34 - 01520296 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 21:53 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg
2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:40 - 2013-02-07 22:53 - 00856120 _____ () C:\Windows\PFRO.log
2014-12-14 19:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 19:40 - 2009-07-14 05:51 - 00045641 _____ () C:\Windows\setupact.log
2014-12-14 19:38 - 2014-05-10 14:43 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-14 14:03 - 2013-05-20 16:45 - 00000000 ____D () C:\Users\Oliver\Documents\Add-in Express
2014-12-14 14:03 - 2013-05-20 13:01 - 00000000 ____D () C:\Users\Oliver
2014-12-14 13:44 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 03:06 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 03:06 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-14 03:02 - 2013-03-22 00:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 13:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 13:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 13:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe
2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten
2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt
2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt
2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google
2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1
2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google
2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google
2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google
2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google
2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com
2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation)
C:\Windows\system32\Drivers\mbam.sys
2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP
2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT
2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-06 00:59

==================== End Of Log ============================

--- --- --- --- --- ---

No ad windows are appearing at the moment. |
16.12.2014, 21:09 | #14 |
/// the machine /// TB trainer | Firefox opens ad windows, double underlining and colored highlighting Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |