Log analysis and evaluation: Win 7: Black screen after starting the computer
07.02.2015, 00:11 | #1 |
Win 7: Black screen after starting the computer

Hello everyone,

For a few months now, my PC can no longer be operated properly after startup and password entry, because only a black screen is shown instead of the desktop... The following error message then appears: Windows Explorer has stopped working! Task Manager, however, can still be opened without problems, and before that everything seemed to be OK. In addition, a message appears saying that the log of the crash report has been saved. Here it is: Code:
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'

What should I do? Here are the files: FRST.txt: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Emily (administrator) on EMILY-PC on 06-02-2015 22:33:44
Running from C:\Users\Emily\Desktop
Loaded Profiles: Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.) HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683456 2013-01-16] (Bandoo Media Inc) HKLM\...\Run: [] => [X] HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1719944 2013-04-01] (Ask) HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [96303304 2014-08-15] (Microsoft Corporation) HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] () HKLM\...\Run: [fst_de_122] => [X] HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Google Update] => "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Yontoo Desktop] => C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC) HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [AqjiJzed] => regsvr32.exe "C:\ProgramData\AqjiJzed\AqjiJzed.dat" HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Agenlywuybugfyv] => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe [309950 2011-11-13] (Meskisift Corporatien) HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-16] (Adobe Systems Incorporated) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-08-22] (Microsoft Corporation) AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files\searchprotect\searchprotect\bin\spvc32loader.dll [187328 2014-08-06] (Client Connect LTD) AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll => c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll File Not Found AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll => c:\Program Files\Supporter\Supporter.dll [4312064 2014-08-12] () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.calcitapp.info/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV= HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869 HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019 HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} URLSearchHook: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 - 
UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DB5647D9A3684441AA70332AE49C6722 URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms} SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019 SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {4EEBDE03-4A52-43BC-A88B-B93E1A516942} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=^8Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=cabddbfa-b761-46ae-9501-77a247c4e860&apn_sauid=A0B9820A-406E-4682-A081-17EC3CD212F6 SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox BHO: Plus-HD-1.3 -> {11111111-1111-1111-1111-110311121157} -> C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD) BHO: Browsers Apps -> {11111111-1111-1111-1111-110611171187} -> C:\Program Files\Browsers Apps\Browsers Apps-bho.dll (app) BHO: Speed Analysis 2 -> {18DBB6CE-3148-4FEC-B481-103CB3290427} -> C:\Program Files\Speed Analysis 2\ScriptHost.dll (SpeedAnalysis.com) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: RegULArDeeaals -> {A63F6A27-6960-FFE7-5313-A90C10BAD43D} -> C:\ProgramData\RegULArDeeaals\2Ki.dll () BHO: Zula Games -> {A9337080-7CBF-4E3E-80C1-3867BEDD88E0} -> C:\Program Files\Zula Games\ScriptHost.dll (ZulaGames.com) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc) BHO: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) BHO: cosstminn -> {F0957C89-1479-61BB-1BCF-C64ED7C8EDC8} -> C:\Program Files\cosstminn\Znza9uVUEX.dll () BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) BHO: PricePeep -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> C:\Program Files\PricePeep\pricepeep.dll (PricePeep) BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll No File BHO: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKLM - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) Toolbar: HKLM - Delta 
Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKU\.DEFAULT -> VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384535333&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869 FireFox: ======== FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB FF DefaultSearchEngine: Trovi search FF SearchEngineOrder.1: Ask.com FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Trovi search FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV= FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive 
Update;version=3 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Search_Results.xml FF SearchPlugin: 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15] FF Extension: Plus-HD-1.3 - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-08-12] FF Extension: Fast Start - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\faststartff@gmail.com [2014-08-04] FF Extension: Delta Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ffxtlbr@delta.com [2013-09-25] FF Extension: Browsers App - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\herman.thorne45@outlook.com [2014-08-04] FF Extension: RegulaRDeaals - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ii.obkb@m-dlr.com [2014-08-19] FF Extension: cosstminn - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com [2014-08-12] FF Extension: No Name - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com [2013-11-15] FF Extension: shortcut - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\shortcutff@gmail.com [2014-08-04] FF Extension: VirtualDJ Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com [2013-05-05] FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2014-08-22] FF Extension: Search-Results Toolbar - 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-01] FF Extension: Iminent - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi [2014-08-12] FF Extension: superfish - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\jid1-tce47bzfSrBDXQ@jetpack.xpi [2014-08-15] FF Extension: PricePeep - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-11-05] FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19] FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\faststartff@gmail.com FF HKLM\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\shortcutff@gmail.com FF HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Re-\x6d\x61rkit) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2013-11-15]
CHR Extension: (cosstminn) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh [2014-08-12]
CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg [2014-08-04]
CHR Extension: (Plus-HD-1.3) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl [2013-11-15]
CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-09-28]
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Emily\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx [2013-06-11]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Emily\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-25]
CHR HKLM\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Emily\AppData\Roaming\zulagames\zulagames.crx [2013-07-01]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - No Path

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 40030ae4; c:\Program Files\Supporter\SupporterSvc.dll [174416 2014-08-12] () [File not signed]
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals)
S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-04] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-04] (globalUpdate) [File not signed]
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
S2 NewVideoPlayerUpdaterService; C:\Program Files\NewPlayer\NewVideoPlayerUpdaterService.exe [11776 2014-08-12] () [File not signed]
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
S2 scores; C:\Windows\score.exe [4816384 2014-07-30] () [File not signed]
S2 servervo; C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-04] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S2 Yontoo Desktop Updater; C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech )
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 22:33 - 2015-02-06 22:34 - 00026227 _____ () C:\Users\Emily\Desktop\FRST.txt 2015-02-06 22:33 - 2015-02-06 22:33 - 00000000 ____D () C:\FRST 2015-02-06 22:32 - 2015-02-06 22:33 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme 2015-02-06 22:31 - 2015-02-06 22:31 - 01123328 _____ (Farbar) C:\Users\Emily\Desktop\FRST.exe 2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable 2015-02-06 22:01 - 2015-02-06 22:01 - 00000000 ____D () C:\Program Files\WaIntEnhance 2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8 2015-02-06 20:07 - 2015-02-06 20:07 - 00000000 ____D () C:\ProgramData\Systweak 2015-02-06 19:58 - 2015-02-06 22:32 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme 2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:52 - 2015-02-06 19:52 - 00006576 ____N () C:\bootsqm.dat 2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 __SHD () C:\found.000 2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} 2015-02-06 19:45 - 2015-02-06 19:45 - 00000000 ____D () C:\Users\Emily\AppData\Local\SearchProtect 2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 22:58 - 2014-09-05 14:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\InetStat 2015-02-06 22:58 - 2014-08-22 20:56 - 00000000 ____D () C:\Windows\system32\SPReview 2015-02-06 22:58 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie 2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer 2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\Program Files\PepperZip 2015-02-06 22:58 - 2014-06-13 21:40 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\337Games 2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0 2015-02-06 22:58 - 2013-11-15 18:21 - 00000000 ____D () C:\Program Files\Plus-HD-1.3 2015-02-06 22:58 - 2013-11-15 18:08 - 00000000 ____D () C:\Program Files\PricePeep 2015-02-06 22:58 - 2013-11-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector 2015-02-06 22:58 - 2013-11-15 17:19 - 00000000 ____D () C:\Program Files\Advanced System Protector 2015-02-06 22:58 - 2013-09-28 14:19 - 00000000 ____D () C:\Program Files\BonanzaDeals 2015-02-06 22:58 - 2013-09-25 16:39 - 00000000 ____D () C:\Program Files\77zip 2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft 2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media 2015-02-06 22:58 - 2013-02-25 14:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Yontoo 2015-02-06 22:58 - 2013-02-25 14:01 - 00000000 ____D () C:\Program Files\Yontoo 2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie 2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Euro Truck Simulator 2 2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2015-02-06 22:57 - 2013-11-15 17:18 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Systweak 2015-02-06 22:54 - 2014-08-12 10:57 - 00000000 ____D () C:\Program Files\SearchProtect 2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills 2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend 2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios 2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek 2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media 2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 __RHD () C:\MSOCache 2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios 2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink 2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack 2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily 2015-02-06 22:19 - 2011-04-28 20:27 - 01617496 _____ () C:\Windows\WindowsUpdate.log 2015-02-06 22:06 - 2010-07-06 
21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-06 22:05 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox 2015-02-06 22:02 - 2010-07-07 19:31 - 00045218 _____ () C:\Windows\PFRO.log 2015-02-06 22:00 - 2014-08-19 19:21 - 00000802 _____ () C:\Windows\Tasks\Security Center Update - 2034009945.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00003110 _____ () C:\Windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00002066 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00001582 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00001360 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job 2015-02-06 22:00 - 2014-08-04 10:04 - 00001284 _____ () C:\Windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job 2015-02-06 22:00 - 2014-08-04 10:03 - 00003792 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job 2015-02-06 22:00 - 2014-08-04 10:03 - 00003110 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job 2015-02-06 22:00 - 2014-08-04 10:03 - 00000874 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-02-06 22:00 - 2014-05-02 15:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-02-06 22:00 - 2013-11-15 18:24 - 00001284 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job 2015-02-06 22:00 - 2013-11-15 18:24 - 00001086 _____ () C:\Windows\Tasks\Plus-HD-1.3-enabler.job 2015-02-06 22:00 - 2013-11-15 18:23 - 00001186 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job 2015-02-06 22:00 - 2013-11-15 18:22 - 00001882 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job 2015-02-06 
22:00 - 2013-11-15 18:22 - 00001806 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job 2015-02-06 22:00 - 2013-11-15 18:22 - 00000328 _____ () C:\Windows\Tasks\dsmonitor.job 2015-02-06 22:00 - 2013-09-28 14:20 - 00000908 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2015-02-06 22:00 - 2013-02-02 17:32 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 21:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 21:59 - 2009-07-14 05:39 - 00088866 _____ () C:\Windows\setupact.log 2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp ==================== Files in the root of some directories ======= 2014-08-04 11:14 - 2014-08-04 11:14 - 0000314 _____ () C:\Users\Emily\AppData\Roaming\aps.uninstall.scan.results 2013-09-25 16:37 - 2013-09-25 16:36 - 0030894 _____ () C:\Users\Emily\AppData\Roaming\speedanalysis.ico 2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png 2013-09-28 16:08 - 2014-08-22 21:24 - 0000182 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG 2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT 2014-08-04 11:12 - 2014-08-04 11:12 - 0590952 _____ (ClickMeIn Limited) C:\Users\Emily\AppData\Local\nst139B.tmp 2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg 2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () 
C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

Some content of TEMP:
====================
C:\Users\Emily\AppData\Local\Temp\ApnStub.exe
C:\Users\Emily\AppData\Local\Temp\BackupSetup.exe
C:\Users\Emily\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Emily\AppData\Local\Temp\dlLogic.exe
C:\Users\Emily\AppData\Local\Temp\dltr.exe
C:\Users\Emily\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Emily\AppData\Local\Temp\GCVerifier.dll
C:\Users\Emily\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Emily\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Emily\AppData\Local\Temp\nsc6C7C.exe
C:\Users\Emily\AppData\Local\Temp\nshD350.exe
C:\Users\Emily\AppData\Local\Temp\nsmCDF2.exe
C:\Users\Emily\AppData\Local\Temp\nsx718C.exe
C:\Users\Emily\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Emily\AppData\Local\Temp\propsys.dll
C:\Users\Emily\AppData\Local\Temp\rmktmps.exe
C:\Users\Emily\AppData\Local\Temp\Setup.exe
C:\Users\Emily\AppData\Local\Temp\Setup_V2.exe
C:\Users\Emily\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Emily\AppData\Local\Temp\UpdateFlashPlayer_3c1d8f9f.exe
C:\Users\Emily\AppData\Local\Temp\verifier.exe
C:\Users\Emily\AppData\Local\Temp\_is2664.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-30 06:23

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015 Ran by Emily at 2015-02-06 22:34:30 Running from C:\Users\Emily\Desktop Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 337 GAMES (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\337Games) (Version: 1.1.1.0 - ) <==== ATTENTION 77zip (HKLM\...\77zip) (Version: - ) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated) Advanced System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12150 - Systweak Software) <==== ATTENTION Angry Birds Rio (HKLM\...\{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}) (Version: 1.4.2 - Rovio) Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.6.0 - Ask.com) <==== ATTENTION Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.) 
Bonanza Deals (remove only) (HKLM\...\Bonanza Deals) (Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browsers Apps (HKLM\...\Browsers Apps) (Version: 1.34.7.29 - app) <==== ATTENTION CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden cosstminn (HKLM\...\{CE681A67-9477-CBE6-EB9D-FE534875F98D}) (Version: 2.0.0.1476 - cosstminn) <==== ATTENTION Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION Delta toolbar (HKLM\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION Disney Rapunzel (HKLM\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 
1.00.0000 - Disney Interactive Studios) DriverScanner (HKLM\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.11.2 - Uniblue Systems Ltd) EG21 Vokabelkartei interaktiv 1 (HKLM\...\{A036DB99-B62F-4110-8D87-9DF0D6DC4022}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) EG21 Vokabelkartei interaktiv 2 (HKLM\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Euro Truck Simulator 2 (HKLM\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.2 - SCS Software) Fessie 1.01 (HKLM\...\Fessie) (Version: 1.01 - Connecta AG) Globy (HKLM\...\Globy) (Version: - ) Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden HyperBalloidCE (HKLM\...\HyperBalloidCE) (Version: - ) iLivid (HKLM\...\iLivid) (Version: 4.0.0.2466 - Bandoo Media Inc) <==== ATTENTION Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.) LEGO Schach (HKLM\...\LegoChessDeInstKey) (Version: - ) Lernspaß 4 (HKLM\...\{F932A61A-4FAD-4390-8163-AB50F5FDE61B}) (Version: 1.00.0000 - Terzio Verlag) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) 
Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Monster Training Einmaleins (HKLM\...\{5F87EF36-A373-11D5-AA2E-0008C760B784}) (Version: - ) Mozilla Firefox 29.0.1 
(x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mysteryville 2 (HKLM\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2) NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.2.7 - ) <==== ATTENTION NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) Ottifanten Ostfriesen Lemminge in Not (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Ottifanten Ostfriesen Lemminge in Not) (Version: V1.000000 - ) Pearl Poppers (HKLM\...\Pearl Poppers) (Version: - ) PepperZip 1.0 (HKLM\...\PepperZip) (Version: 1.0 - PepperWare Co.) <==== ATTENTION Plus-HD-1.3 (HKLM\...\Plus-HD-1.3) (Version: 1.30.153.0 - Plus HD) <==== ATTENTION PricePeep (HKLM\...\PricePeep) (Version: 2.2.0.4 - betwikx LLC) <==== ATTENTION ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.) 
RegULArDeeaals (HKLM\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version: - RegularDealS) <==== ATTENTION Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Search Protect (HKLM\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION Search-Results Toolbar (HKLM\...\ilividtoolbarguid) (Version: 1.0.0.12 - APN LLC) <==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Speed Analysis 2 (HKLM\...\Speed Analysis 2) (Version: 1.0.0.3 - SpeedAnalysis.com) <==== ATTENTION Supporter 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}) (Version: - Costmin) <==== ATTENTION SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) The Great Mahjongg (HKLM\...\The Great Mahjongg) (Version: - ) TV Jukebox 3.0 (HKLM\...\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}) (Version: 3.00.000 - Meta Media Inc) Update for Zip Extractor (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\DigitalSite) (Version: - ) <==== ATTENTION Versteckt - Entdeckt! 
Fantasy (HKLM\...\{FD2A02A5-C285-11DC-AA69-00E07DDCAF19}) (Version: 1.00.0000 - Terzio Verlag) VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions) VirtualDJ Toolbar Updater (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.3.42067 - Ask.com) <==== ATTENTION Vokabelkartei interaktiv À plus! 1 (HKLM\...\{C7BD31A9-B17E-4125-8AE6-217C1FF8BE10}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) webssearches uninstall (HKLM\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) Yontoo 2.04 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.04 - Yontoo LLC) <==== ATTENTION Zip Extractor Packages (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION Zula Games (HKLM\...\Zula Games) (Version: 1.0.0.5 - ZulaGames.com) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 19-08-2014 19:55:43 Windows 7 Service Pack 1 22-08-2014 20:54:00 Windows Update 30-08-2014 06:09:18 Windows Update 03-09-2014 19:17:15 Windows Update 05-09-2014 14:04:45 Windows Update 19-09-2014 18:19:09 Windows Update 19-09-2014 22:36:23 Windows Update 04-11-2014 12:39:28 Windows Update 06-02-2015 21:19:14 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {091F344D-E5A6-40D2-B9C6-98AD2E6CDC50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001UA => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe Task: {0F79F89E-AB7B-4427-A5D0-E526E854BC0E} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28] (BonanzaDeals) <==== ATTENTION Task: {13807DC3-5338-4132-84C1-05A3EB4BE663} - System32\Tasks\{E0FF7EA4-B9D4-41E6-AD9E-7E276684870D} => Firefox.exe Task: {1919DD8E-F94C-486F-AC20-F6742C9F48B1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04] (globalUpdate) <==== ATTENTION Task: {1AE39EE7-D956-47D8-8B8F-99545773C4EF} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04] (app) <==== ATTENTION Task: {1EA54341-B93F-48CB-B4D7-23B742295B26} - System32\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9 => C:\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe [2014-08-04] (app) <==== ATTENTION Task: {2556386A-FF62-4252-89C3-77993D968A45} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {2A766783-D4C0-444E-8728-5117E59D3084} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {31980257-7A9E-4F7B-9C20-994AAD950AC7} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-15] (Plus HD) <==== ATTENTION Task: {31F7DA48-CCA9-463C-90DC-C85A98190360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {35B0D312-4D59-4C8C-976E-7C0D5D88EBD0} - System32\Tasks\{1FD47CF6-8F71-479D-99D6-0872FB2552A0} => Firefox.exe Task: {3EE67D8C-8256-43D8-92E4-B85AEBBA367B} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: 
{40745BDD-34A3-490C-A3F3-F5DCDD570AEE} - System32\Tasks\DigitalSite => C:\Users\Emily\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {48953138-6F84-4657-937E-E7C0BA169CC1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {519CF277-3303-4F04-B973-BE1753D8D53C} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04] (app) <==== ATTENTION Task: {5362DDBA-8336-41A8-A765-D0A3400AF97A} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe [2014-08-04] (app) <==== ATTENTION Task: {56EB955E-960D-436E-B20E-E9948070B426} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: {733E8250-2532-4C70-A3DF-36E8FC0F1605} - System32\Tasks\{7A1D3718-8647-4D69-A2DC-E4EE9D091E84} => pcalua.exe -a C:\Windows\unin0407.exe -c -f"C:\Program Files\LEGO Media\Games\LEGO Schach\DeIsL1.isu" Task: {74594B69-0BB8-44EE-B890-2AFA1E305251} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28] (BonanzaDeals) <==== ATTENTION Task: {78A1D2FF-F98C-4648-B66E-41A929EFAE5C} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-15] (Plus HD) <==== ATTENTION Task: {9090C07D-BB56-4A88-92F1-C0BCC695987C} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-15] (Plus HD) <==== ATTENTION Task: {93EB4661-9979-4763-B502-0694248682D0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04] (globalUpdate) <==== ATTENTION Task: {AD8B97EB-5D18-47A3-9608-AE6F9C54971E} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4 => C:\Program Files\Browsers 
Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04] (app) <==== ATTENTION Task: {AFB3CE8F-EF27-4816-BAC2-B7CDC755D0BB} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-15] (Plus HD) <==== ATTENTION Task: {B9410FCF-FACF-4ECF-AF3B-F3D70AA17553} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {BABD4B37-739E-42B0-B90E-FA69521B1035} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-15] (Plus HD) <==== ATTENTION Task: {BBE5EF2B-A1B8-4A66-AEDF-030CEC110FD8} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe [2014-08-04] (app) <==== ATTENTION Task: {C608BD0D-3ABC-4E57-8A2B-65D8E95EF791} - System32\Tasks\{1FAF4A1B-0C2D-4ABB-812E-78E6585C27EC} => Firefox.exe Task: {C676B7DD-EFDF-4F04-805D-70D9DF6023B9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-01] () <==== ATTENTION Task: {C6E7652E-26B9-4F11-B691-D47C016E3724} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe [2014-08-04] (app) <==== ATTENTION Task: {D442CA26-6A70-44F9-B2E8-1471DF52FCB6} - System32\Tasks\EPUpdater => C:\Users\Emily\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION Task: {D57D3D7C-7D67-40C6-A94B-332BCA38E78A} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1 => C:\Program Files\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-04] (app) <==== ATTENTION Task: {D5F6E2C0-B410-40F2-A544-0698068D997D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001Core => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe Task: {D7E26F09-6232-4118-9E4E-B5DE84C39FA4} - System32\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a => 
C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04] (app) <==== ATTENTION Task: {E72A77BE-4287-42F5-99C8-E487200CA702} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {EAF3D1B9-45CE-4275-8D98-DCDA8F3697FF} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2013-10-16] (Uniblue Systems Ltd) Task: {ED4B58D8-34A2-45DB-A477-850F21DCE080} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2013-10-04] (Systweak) <==== ATTENTION Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe [2011-11-13] (Meskisift Corporatien) <==== ATTENTION Task: {FAC5AEDC-E380-4246-8289-273225370801} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job => C:\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe <==== ATTENTION Task: C:\Windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job => C:\Program Files\Browsers Apps\Browsers Apps-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe <==== ATTENTION Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== 
ATTENTION Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Emily\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001Core.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001UA.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION Task: C:\Windows\Tasks\Security Center Update - 2034009945.job => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) 
============== 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-07-16 18:30 - 2014-07-16 18:31 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-2221341230-3600195835-1468495209-500 - Administrator - Disabled) Emily (S-1-5-21-2221341230-3600195835-1468495209-1001 - Administrator - Enabled) => C:\Users\Emily Gast (S-1-5-21-2221341230-3600195835-1468495209-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2221341230-3600195835-1468495209-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-2221341230-3600195835-1468495209-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2015 10:00:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f45 ID des fehlerhaften Prozesses: 0xb34 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/06/2015 10:49:04 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c). Error: (02/06/2015 10:49:00 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c). 
Error: (02/06/2015 09:36:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f45 ID des fehlerhaften Prozesses: 0xb54 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/06/2015 08:07:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f45 ID des fehlerhaften Prozesses: 0xa74 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/06/2015 07:45:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f45 ID des fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/05/2015 09:10:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f45 ID des fehlerhaften 
Prozesses: 0xc94 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/05/2015 09:07:06 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Wajam; Fehler = 0x8007043c). Error: (02/05/2015 09:05:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - InetStat; Fehler = 0x8007043c). Error: (02/05/2015 09:00:40 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Ottifanten Ostfriesen Lemminge in Not; Fehler = 0x8007043c). 
System errors: ============= Error: (02/06/2015 10:32:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:32:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:32:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:31:55 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (02/06/2015 10:31:55 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) 
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (02/06/2015 10:00:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45b3401d0424fea0dd4a1C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll298ced37-ae43-11e4-9520-00262dc151e5 Error: (02/06/2015 10:49:04 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c Error: (02/06/2015 10:49:00 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c Error: (02/06/2015 09:36:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45b5401d0424c93b9c23eC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlld47a3499-ae3f-11e4-a491-e6ac53c89d7f Error: (02/06/2015 08:07:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45a7401d042401904f7a6C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll5b19cec8-ae33-11e4-b855-d7e86dfa4961 Error: (02/06/2015 07:45:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45aa401d0423d0ed535a5C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll5d433033-ae30-11e4-9adf-00262dc151e5 Error: (02/05/2015 09:10:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45c9401d0417fc6093671C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll05fa9114-ad73-11e4-83aa-00262dc151e5 Error: (02/05/2015 09:07:06 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - Wajam0x8007043c Error: (02/05/2015 09:05:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - InetStat0x8007043c Error: (02/05/2015 09:00:40 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - Ottifanten Ostfriesen Lemminge in Not0x8007043c ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 49% Total physical RAM: 3253.42 MB Available physical RAM: 1652.7 MB Total Pagefile: 6505.12 MB Available Pagefile: 4934.73 MB Total Virtual: 2047.88 MB Available Virtual: 1872.17 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:507.88 GB) NTFS Drive d: (Recover) (Fixed) (Total:30 GB) (Free:9.61 GB) NTFS Drive e: (22 Jul 2014) (CDROM) (Total:4.38 GB) (Free:2.51 GB) UDF ==================== MBR & Partition Table ================== 
======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-06 22:48:01 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\Emily\AppData\Local\Temp\kwdoapod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13F9 8228F829 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822B4132 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x8DD89B80, 0x380E2, 0xE0000060] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1308] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 76FCC0A7 7 Bytes JMP 6AB784D6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1308] kernel32.dll!CloseHandle + 38 76FD05CF 7 Bytes JMP 6AB784F9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1308] kernel32.dll!GetExitCodeProcess + 2C 76FD311D 7 Bytes JMP 6A1F3A32 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1308] USER32.dll!GetWindowInfo 75506A82 5 Bytes JMP 6A91141D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1308] GDI32.dll!GetViewportOrgEx + 21C 76CE85EB 7 Bytes JMP 6AB78457 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys Device \Driver\iaStor \Device\Ide\iaStor0 [8B090600] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {JMP 0xf5b0675a} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B090600] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {JMP 0xf5b0675a} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B090600] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown 
section] {JMP 0xf5b0675a} ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Windows\system32\drivers\iaStor.sys suspicious modification ---- EOF - GMER 2.1 ----
Many thanks for your effort. Kind regards, Nailimixam |
07.02.2015, 01:02 | #2 |
/// Malwareteam | Win 7: Black screen after starting the computer Hello Nailimixam,
my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can begin, please read the cleanup rules and notes: Rules for the cleanup procedure
Note: Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.
Then let's get started. As I understand it, you cannot work in normal mode. If that is the case, please carry out the next steps in Safe Mode with Networking. Step 1 Please download Emsisoft MBR Master and save it to the desktop.
Step 2 Scan with Combofix
Post the following log files in your next reply:
__________________ Last edited by sunjojo (07.02.2015 at 01:30) |
07.02.2015, 13:19 | #3 |
| Win 7: Black screen after starting the computer Hello Jonas,
I have now run both. With the first program (Emsisoft MBR Master), however, the following error message appeared when running the program: Could not create driver service (Error code:1073) Here is the Combofix log file (1/2): Code:
ComboFix 15-02-02.01 - Emily 07.02.2015 11:38:28.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3253.2144 [GMT 1:00]
ausgeführt von:: c:\users\Emily\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\yahoo.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lichen.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-about.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-over.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-separator.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\menuseparatorback.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\metacafe.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modify-save.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modify.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modifyhot.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\namespacetoolbar.css c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options-search.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-main.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-search.png c:\program 
files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-weather.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-weather.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-widgets.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\orange.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\search-over.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\search_icon.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-left.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-middle.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-right.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\setting_stb_16x.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings_stb_19x.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings_stb_19x_over.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-bluelite.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-bluesky.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-grey.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-lichen.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-orange.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-yellow.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin.xml c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\sv.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\throbber.gif c:\program 
files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\toolbarsplitter.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\TRUSTe_about.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\tv.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\twitter.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\veoh.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\video.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\vimeo.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\vmn.css c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\web.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\websearch.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\yellow.gif c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\youtube.png c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\components\windowmediator.js c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\install.ico c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\manifest.xml c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultstb.dll c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\uninstall.exe c:\program files\SearchProtect c:\program files\SearchProtect\Main\bin\CltMngSvc.exe c:\program files\SearchProtect\Main\bin\SPTool.dll c:\program files\SearchProtect\Main\bin\uninstall.exe c:\program files\SearchProtect\Main\rep\SystemRepository.dat c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll 
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll c:\program files\SearchProtect\UI\bin\cltmngui.exe c:\program files\SearchProtect\UI\dialogs\libs\defaults.js c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js c:\program files\SearchProtect\UI\dialogs\libs\main.js c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js c:\program files\SearchProtect\UI\dialogs\protection\defaults.js c:\program files\SearchProtect\UI\dialogs\protection\protection.js c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js c:\program files\SearchProtect\UI\dialogs\settings\defaults.js c:\program files\SearchProtect\UI\dialogs\settings\settings.js c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js c:\program files\Speed Analysis 2\ScRIpthost.dll c:\program files\SupTab\SuPTab.dll c:\program files\Zula Games\ScRIpthost.dll c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js 
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Emily\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\background.html c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\crossriderManifest.json c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\manifest.xml c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins.json 
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\1_base.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\102_dealply_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\103_intext_5_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\104_jollywallet_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\105_corticas_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\108_icm_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\117_coupons_intext_ads_5_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\119_similar_web_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\120_luck_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\123_intext_adv_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\125_arcadi2_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\126_revizer_ws_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\127_revizer_p_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\128_superfish_pricora_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\13_CrossriderAppUtils.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\135_arcadi3_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\138_getdeal_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\14_CrossriderUtils.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\141_corticas_ru_m.js.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\142_intext_fa_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\155_ibario_pops_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\159_cortica_rollover_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\17_jQuery.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\171_arcadi2_sourceID_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\175_coolmirage_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\178_revizer_ws_dynamic_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\179_revizer_p_dynamic_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\180_bpo_serp_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\19_CHAppAPIWrapper.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\21_debug.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\22_resources.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\28_initializer.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\4_jquery_1_7_1.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\47_resources_background.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\64_appApiMessage.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\7_hooks.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\72_appApiValidation.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\78_CrossriderInfo.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\80_CHPopupAppAPI.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\87_ginyas_wrapper.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\9_search_engine_hook.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\91_monetizationLoader.js.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\93_superfish_no_coupons_m.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\97_resourceApiWrapper.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\userCode\background.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\userCode\extension.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\actions\1.png c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon128.png c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon16.png c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon48.png c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\chrome.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\cookie.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\message.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\pageAction.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\pageActionBG.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\background.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\app_api.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\bg_app_api.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\consts.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\cookie_store.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\crossriderAPI.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\delegate.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\events.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\extensionDataStore.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\installer.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\logFile.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\logging.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\onBGDocumentLoad.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\popupResource\newPopup.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\popupResource\popup.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\reports.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\storageWrapper.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\updateManager.js c:\users\Emily\AppData\Local\Google\Chrome SxS\User 
Regards, Nailimixam |
07.02.2015, 13:20 | #4 |
| Win 7: Black screen after starting the computer And here is part (2/2): Code:
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\72_appApiValidation.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\78_CrossriderInfo.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\87_ginyas_wrapper.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\9_search_engine_hook.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\93_superfish_no_coupons_m.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\98_omniCommands.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\background.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\extension.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\install.rdf c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\locale\en-US\translations.dtd c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button1.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button2.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button3.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button4.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button5.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\crossrider_statusbar.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon128.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon16.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon24.png 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon48.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\panelarrow-up.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\popup.html c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\skin.css c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\update.css c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome.manifest c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\0b0a59f39b765121d2b23d64d252bcf2.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\2218b5de6255590a4a32f9e94dd6a73b.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\2903aebc53ea517db5dc56379c779ac4.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\603b6d3bc1e1cff627631a00cfa3147a.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\02e8d1df80b3580e405e62010962d48b.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\124385b4bf747e83b8d14910f3cb861e.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\18c8143dab5003d5845692d8f860d881.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\20eea9e77a78002ca5bf30a7ca2a70e9.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\23a823d86034424ad35a5cea55c466bf.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\42d82983cc53f17c8598ef4a8de3d5ac.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\63ed2512d397f14c32d3789405307ca1.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\7caab01950356b7ec2e5b4a49238ef81.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\9042f75fc2248a02a06c3bdf0136b68a.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\95976b559db28701c4a68a7bd1073ef3.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\975e57179636e8369b9f992a284bd63b.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\a0978c5425665714001beca8c7523f98.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\a6a82c5fe0578f52a21e15ead189e7d4.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\d565c250a32bc2c2176ded7eeb6f2e0d.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\dcc25e9a5d0da6c8dea4a2b72695c519.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\dcd0a40afe8ce8dabd67fe0c2a918154.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\background.html c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\browser.xul c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\262232c13d2781fc0c2da4443f106fd5.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\3f1151138a3e7e2383ee4b355dc75eed.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\40e6bcaca0d1b8e73651118685171e74.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\40fc532203773e9700ec55fa91607318.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\4495fc266ac5da62a748c79e37105e9a.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\44b064388f283ee9c5cef467a1f90218.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\508a3eb0bf731d29cd83240c9c6b2cf9.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\6574332410eff9b57f1742db5fc3288e.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8881fa3c7fb5d5e2070b1bcd4a4beedf.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8b9f5f3ce1e0787f14bbaed8a2a58e3b.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\92c94d8ed08695ae5b69ad27f590a2df.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\9f18c42aca5631830bdc1758489dc2ee.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\9f6152d7ab4ef7950510f8ff29c2d677.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\a7f1f112add366215e1adb5ef9ad4eb7.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\c5b60ac3faf3b03140c1d485763fced8.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\cdb43505c47a821aa1aaccdb17f9c1dc.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\dca2f50f4c2bee5cb63c8c6851b81cf3.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\dd6b04a3e4fe2e2e8e20fdd5c6be1112.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\edc5aed56c9870dc248af1c6d5e77354.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\f2ba9e82a88949fb1b50283d6d1f6f5c.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\installer.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\dialog.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\f2b6287dd26a44972fe0ff0917cb413b.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\fab77e07a68a42f81e40cbad2abe2063.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\ffCoreFilesIndex.txt c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\options.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\options.xul c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\search_dialog.xul c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\defaults\preferences\prefs.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\manifest.xml 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins.json c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\1.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\102.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\104.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\13.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\14.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\16.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\17.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\177.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\180.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\182.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\183.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\184.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\190.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\191.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\192.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\195.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\207.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\21.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\22.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\220.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\221.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\223.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\226.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\233.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\242.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\246.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\260.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\262.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\263.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\268.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\273.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\275.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\28.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\281.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\289.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\354.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\4.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\47.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\64.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\7.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\72.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\78.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\9.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\93.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\98.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\background.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\extension.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\install.rdf c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\locale\en-US\translations.dtd c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button1.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button2.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button3.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button4.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button5.png 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\crossrider_statusbar.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon128.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon16.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon24.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon48.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\panelarrow-up.png c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\popup.html c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\skin.css c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\update.css c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\bootstrap.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\chrome.manifest c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\content\bg.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\install.rdf c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\bootstrap.js 
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\chrome.manifest c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\content\bg.js c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\install.rdf c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh c:\users\Gast\AppData\Local\Google\Chrome SxS\User 
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
-------\Service_40030ae4 -------\Service_CltMngSvc -------\Service_globalUpdate -------\Service_NewVideoPlayerUpdaterService -------\Service_NewVideoPlayerUpdaterService . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-07 bis 2015-02-07 )))))))))))))))))))))))))))))) . . 2015-02-07 10:49 . 2015-02-07 11:00 -------- d-----w- c:\users\Emily\AppData\Local\temp 2015-02-07 10:49 . 2015-02-07 10:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-02-07 10:49 . 2015-02-07 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-07 10:29 . 2015-02-07 11:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF2462D5-EE7F-4FE7-B113-BAFF48BA7ED5}\offreg.dll 2015-02-06 21:33 . 2015-02-06 21:34 -------- d-----w- C:\FRST 2015-02-06 21:20 . 2014-12-15 03:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF2462D5-EE7F-4FE7-B113-BAFF48BA7ED5}\mpengine.dll 2015-02-06 21:01 . 2015-02-06 21:01 -------- d-----w- c:\program files\WaIntEnhance 2015-02-06 20:19 . 2015-02-06 21:58 -------- d-----w- C:\689882de6eaabdefc8 2015-02-06 19:07 . 2015-02-06 19:07 -------- d-----w- c:\programdata\Systweak 2015-02-06 18:59 . 2015-02-06 21:05 -------- d-----w- c:\users\Emily\AppData\Local\ElevatedDiagnostics 2015-02-06 18:51 . 2015-02-06 18:51 -------- d-----w- C:\found.000 2015-02-06 18:45 . 2015-02-06 18:45 -------- d-----w- c:\users\Emily\AppData\Local\SearchProtect 2015-02-05 18:40 . 2015-02-05 18:40 -------- d-----w- c:\program files\VS Revo Group . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-01 1527432] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A63F6A27-6960-FFE7-5313-A90C10BAD43D}] 2014-08-19 18:32 555008 ----a-w- c:\programdata\RegULArDeeaals\2Ki.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{F0957C89-1479-61BB-1BCF-C64ED7C8EDC8}] 2013-08-12 09:57 332800 ----a-w- c:\program files\cosstminn\Znza9uVUEX.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712] "Yontoo Desktop"="c:\users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-02-02 42784] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608] "AqjiJzed"="c:\programdata\AqjiJzed\AqjiJzed.dat" [2014-08-19 276480] "Agenlywuybugfyv"="c:\users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe" [2011-11-13 309950] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-02 9222760] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-02 1481320] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-06-21 436264] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664] "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 170520] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-28 77824] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-01 1719944] "MRT"="c:\windows\system32\MRT.exe" [2014-08-15 96303304] "tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-08-22 280576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R1 cbbjpzjo;cbbjpzjo;c:\windows\system32\drivers\cbbjpzjo.sys [x] R2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128] R2 bonanzadealslive;BonanzaDealsLive-Dienst (bonanzadealslive);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 148976] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-06-12 761968] R2 scores;scores;c:\windows\score.exe [2014-07-30 4816384] R2 servervo;VO Service component;c:\users\Emily\AppData\Roaming\VOPackage\VOsrv.exe [2014-08-04 73728] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-10 2320920] R2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe [2014-06-11 540304] R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [2013-02-14 23552] R3 a2dda;Emsisoft Direct Disk Access support driver;c:\users\Emily\Desktop\MBRMastr.sys [2015-02-07 17904] R3 bonanzadealslivem;BonanzaDealsLive-Dienst (bonanzadealslivem);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 148976] R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04 68608] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys [x] R3 
WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-26 19656] S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624] S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720] . . Inhalt des "geplante Tasks" Ordners . 2015-02-06 c:\windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job - c:\program files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job - c:\program files\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe [2014-08-04 09:03] . 
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04 09:04] . 2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job - c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04 09:04] . 2014-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-07 13:23] . 2015-02-06 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job - c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 13:19] . 2014-08-22 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job - c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 13:19] . 2015-02-06 c:\windows\Tasks\dsmonitor.job - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-11-15 14:03] . 2015-02-06 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job - c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04 09:03] . 2014-08-15 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job - c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04 09:03] . 2015-02-06 c:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job - c:\program files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-15 17:22] . 2015-02-06 c:\windows\Tasks\Plus-HD-1.3-codedownloader.job - c:\program files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-15 17:22] . 2015-02-06 c:\windows\Tasks\Plus-HD-1.3-enabler.job - c:\program files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-15 17:24] . 2015-02-06 c:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job - c:\program files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-15 17:22] . 
2015-02-06 c:\windows\Tasks\Plus-HD-1.3-updater.job - c:\program files\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-15 17:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV= uDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms} mStart Page = hxxp://websearch.calcitapp.info/ IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\ FF - prefs.js: browser.search.selectedEngine - Trovi search FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV= FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE HKLM-Run-fst_de_122 - (no file) SafeBoot-BsScanner AddRemove-ilividtoolbarguid - c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe AddRemove-LegoChessDeInstKey - c:\windows\unin0407.exe AddRemove-NewPlayer - c:\program files\NewPlayer\uninstall.exe AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe AddRemove-zulagames - c:\program files\ZulaGames\uninst.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:99,a0,9f,b3,c0,db,ce,01 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\conhost.exe c:\windows\System32\WerFault.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnscfg.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-02-07 12:03:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-02-07 11:03 . Vor Suchlauf: 11 Verzeichnis(se), 555.123.208.192 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 556.189.954.048 Bytes frei . - - End Of File - - 76C000B36A19DE35E11E0008CBB76728 7827CE22D5B6A2E3FA5111270DD20242
Best regards, Nailimixam |
07.02.2015, 18:09 | #5 |
/// Malwareteam | Win 7: Black screen after starting the computer All right, but I don't like the look of that yet. We'll stay in Safe Mode with Networking for now. Step 1 Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Step 2 Please download TDSSKiller.exe and save this file to your desktop.
Post the following log files in your next reply:
__________________ Regards, Jonas |
07.02.2015, 21:15 | #6 |
| Win 7: Black screen after starting the computer Hey Jonas, Here are the two files: mbarlog.txt: Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.07.06
rootkit: v2015.02.03.01

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Emily :: EMILY-PC [administrator]

07.02.2015 17:29:45
mbar-log-2015-02-07 (17-29-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 417517
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot. [396972a959317abc9656d731fd0627d9]
HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot. [c9d9ab70b7d3b48220ccb355cf34cd33]
HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot. [c9d9ab70b7d3b48220ccb355cf34cd33]
HKLM\SOFTWARE\FREESOFTTODAY (Adware.EoRezo) -> Delete on reboot. [cbd744d7c3c7a69073ce7873dc28d030]

Registry Values Detected: 2
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AqjiJzed (Trojan.FakeMS) -> Data: regsvr32.exe "C:\ProgramData\AqjiJzed\AqjiJzed.dat" -> Delete on reboot. [aef479a23f4b989eeec9c00ab34e53ad]
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Agenlywuybugfyv (Trojan.Zbot.gen) -> Data: C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe -> Delete on reboot. [f6ac76a5e6a4181e8c8a5e5a15ec5da3]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\AqjiJzed\AqjiJzed.dat (Trojan.FakeMS) -> Delete on reboot. [aef479a23f4b989eeec9c00ab34e53ad]
C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe (Trojan.Zbot.gen) -> Delete on reboot. [f6ac76a5e6a4181e8c8a5e5a15ec5da3]
C:\ProgramData\Windows Genuine Advantage\{265FA7A8-A63B-4E13-90E5-A3D3167F2E5D}\msiexec.exe (Trojan.Zbot.CXgen) -> Delete on reboot. [5b4704179af0d2644981959b17ea827e]
C:\Program Files\Supporter\Supporter.dll (Trojan.SProtector) -> Delete on reboot. [ebb778a36b1fed49704e9fe1f30e50b0]
C:\Program Files\Supporter\SupporterSvc.dll (Trojan.SProtector) -> Delete on reboot. [386af02b6c1e59dd9f20fe8246bb0bf5]

Physical Sectors Detected: 2
Physical Sector #2048 on Drive #0 (Rootkit.Cidox.J.VBR) -> Replace on reboot. [2f5632743afcba29dc12fb38883fec71]
Physical Sector #1 on Drive #0 (Forged physical sector) -> Replace on reboot. [4e8e7ed0b44fc2d63ed5c747a14d4a9e]

(end)
Code:
19:09:35.0984 0x06d8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:40:04.0953 0x06d8 ============================================================
19:40:04.0953 0x06d8 Current date / time: 2015/02/07 19:40:04.0953
19:40:04.0953 0x06d8 SystemInfo:
19:40:04.0953 0x06d8
19:40:04.0953 0x06d8 OS Version: 6.1.7600 ServicePack: 0.0
19:40:04.0953 0x06d8 Product type: Workstation
19:40:04.0953 0x06d8 ComputerName: EMILY-PC
19:40:04.0953 0x06d8 UserName: Emily
19:40:04.0953 0x06d8 Windows directory: C:\Windows
19:40:04.0953 0x06d8 System windows directory: C:\Windows
19:40:04.0953 0x06d8 Processor architecture: Intel x86
19:40:04.0953 0x06d8 Number of processors: 4
19:40:04.0953 0x06d8 Page size: 0x1000
19:40:04.0953 0x06d8 Boot type: Safe boot with network
19:40:04.0953 0x06d8 ============================================================
19:40:05.0062 0x06d8 KLMD registered as C:\Windows\system32\drivers\83944428.sys
19:40:05.0296 0x06d8 System UUID: {A5A33EEB-B2CB-5FA0-D186-0774426E6CED}
19:40:05.0951 0x06d8 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:05.0951 0x06d8 ============================================================
19:40:05.0951 0x06d8 \Device\Harddisk0\DR0:
19:40:05.0951 0x06d8 MBR partitions:
19:40:05.0951 0x06d8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:40:05.0951 0x06d8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x46A24000
19:40:05.0951 0x06d8 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x46A56800, BlocksNum 0x3C00000
19:40:05.0951 0x06d8 ============================================================
19:40:05.0982 0x06d8 C: <-> \Device\Harddisk0\DR0\Partition2
19:40:06.0029 0x06d8 D: <-> \Device\Harddisk0\DR0\Partition3
19:40:06.0029 0x06d8 ============================================================
19:40:06.0029 0x06d8 Initialize success
19:40:06.0029 0x06d8 ============================================================
19:40:11.0598 0x058c ============================================================
19:40:11.0598 0x058c Scan started
19:40:11.0598 0x058c Mode: Manual;
19:40:11.0598 0x058c ============================================================
19:40:11.0598 0x058c KSN ping started
19:40:21.0489 0x058c KSN ping finished: true
19:40:22.0627 0x058c ================ Scan system memory ========================
19:40:22.0627 0x058c System memory - ok
19:40:22.0627 0x058c ================ Scan services =============================
C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:40:26.0215 0x058c BrFiltUp - ok 19:40:26.0325 0x058c [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 19:40:26.0340 0x058c BridgeMP - ok 19:40:26.0403 0x058c [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser C:\Windows\System32\browser.dll 19:40:26.0403 0x058c Browser - ok 19:40:26.0449 0x058c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:40:26.0465 0x058c Brserid - ok 19:40:26.0512 0x058c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:40:26.0512 0x058c BrSerWdm - ok 19:40:26.0527 0x058c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:40:26.0527 0x058c BrUsbMdm - ok 19:40:26.0574 0x058c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:40:26.0574 0x058c BrUsbSer - ok 19:40:26.0590 0x058c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:40:26.0590 0x058c BTHMODEM - ok 19:40:26.0668 0x058c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 19:40:26.0668 0x058c bthserv - ok 19:40:26.0793 0x058c catchme - ok 19:40:26.0871 0x058c cbbjpzjo - ok 19:40:26.0902 0x058c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:40:26.0902 0x058c cdfs - ok 
19:40:26.0980 0x058c [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:40:26.0980 0x058c cdrom - ok 19:40:27.0042 0x058c [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc C:\Windows\System32\certprop.dll 19:40:27.0042 0x058c CertPropSvc - ok 19:40:27.0105 0x058c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:40:27.0105 0x058c circlass - ok 19:40:27.0167 0x058c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 19:40:27.0167 0x058c CLFS - ok 19:40:27.0261 0x058c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:40:27.0261 0x058c clr_optimization_v2.0.50727_32 - ok 19:40:27.0323 0x058c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:40:27.0339 0x058c clr_optimization_v4.0.30319_32 - ok 19:40:27.0385 0x058c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:40:27.0385 0x058c CmBatt - ok 19:40:27.0385 0x058c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 19:40:27.0401 0x058c cmdide - ok 19:40:27.0463 0x058c [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG C:\Windows\system32\Drivers\cng.sys 19:40:27.0463 0x058c CNG - ok 19:40:27.0510 0x058c [ 
A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:40:27.0510 0x058c Compbatt - ok 19:40:27.0588 0x058c [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 19:40:27.0588 0x058c CompositeBus - ok 19:40:27.0635 0x058c COMSysApp - ok 19:40:27.0666 0x058c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:40:27.0666 0x058c crcdisk - ok 19:40:27.0729 0x058c [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:40:27.0729 0x058c CryptSvc - ok 19:40:27.0775 0x058c [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch C:\Windows\system32\rpcss.dll 19:40:27.0775 0x058c DcomLaunch - ok 19:40:27.0838 0x058c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 19:40:27.0838 0x058c defragsvc - ok 19:40:27.0885 0x058c [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:40:27.0885 0x058c DfsC - ok 19:40:27.0963 0x058c [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:40:27.0963 0x058c Dhcp - ok 19:40:28.0009 0x058c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 19:40:28.0009 0x058c discache - ok 19:40:28.0087 0x058c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk 
C:\Windows\system32\DRIVERS\disk.sys 19:40:28.0087 0x058c Disk - ok 19:40:28.0165 0x058c [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:40:28.0165 0x058c Dnscache - ok 19:40:28.0197 0x058c [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc C:\Windows\System32\dot3svc.dll 19:40:28.0212 0x058c dot3svc - ok 19:40:28.0275 0x058c [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS C:\Windows\system32\dps.dll 19:40:28.0290 0x058c DPS - ok 19:40:28.0353 0x058c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:40:28.0353 0x058c drmkaud - ok 19:40:28.0399 0x058c [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:40:28.0431 0x058c DXGKrnl - ok 19:40:28.0462 0x058c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 19:40:28.0477 0x058c EapHost - ok 19:40:28.0665 0x058c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 19:40:28.0743 0x058c ebdrv - ok 19:40:28.0774 0x058c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS C:\Windows\System32\lsass.exe 19:40:28.0774 0x058c EFS - ok 19:40:28.0852 0x058c [ 1697C39978CD69F6FBC15302EDCECE1F, E496FAE102EE33EBD35AC745E8647976DB9F91EF78E54EB962FF2D04D45B561A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:40:28.0867 0x058c ehRecvr - ok 19:40:28.0899 0x058c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched 
C:\Windows\ehome\ehsched.exe 19:40:28.0899 0x058c ehSched - ok 19:40:28.0977 0x058c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:40:28.0992 0x058c elxstor - ok 19:40:29.0008 0x058c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 19:40:29.0008 0x058c ErrDev - ok 19:40:29.0101 0x058c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 19:40:29.0117 0x058c EventSystem - ok 19:40:29.0133 0x058c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 19:40:29.0133 0x058c exfat - ok 19:40:29.0195 0x058c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:40:29.0195 0x058c fastfat - ok 19:40:29.0289 0x058c [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax C:\Windows\system32\fxssvc.exe 19:40:29.0304 0x058c Fax - ok 19:40:29.0351 0x058c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:40:29.0351 0x058c fdc - ok 19:40:29.0382 0x058c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 19:40:29.0382 0x058c fdPHost - ok 19:40:29.0398 0x058c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 19:40:29.0398 0x058c FDResPub - ok 19:40:29.0445 0x058c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo 
C:\Windows\system32\drivers\fileinfo.sys 19:40:29.0445 0x058c FileInfo - ok 19:40:29.0460 0x058c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:40:29.0460 0x058c Filetrace - ok 19:40:29.0507 0x058c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:40:29.0507 0x058c flpydisk - ok 19:40:29.0569 0x058c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:40:29.0585 0x058c FltMgr - ok 19:40:29.0663 0x058c [ 7FE4995528A7529A761875151EE3D512, 63F062A8E6AA9AEF39A46E94ADD548C72B4E21C1090DE9CBDCFB3F4489637BAF ] FontCache C:\Windows\system32\FntCache.dll 19:40:29.0679 0x058c FontCache - ok 19:40:29.0757 0x058c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:40:29.0757 0x058c FontCache3.0.0.0 - ok 19:40:29.0757 0x058c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:40:29.0757 0x058c FsDepends - ok 19:40:29.0788 0x058c [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:40:29.0788 0x058c Fs_Rec - ok 19:40:29.0850 0x058c [ 4732E596BB1C50D9F9188C5074EE7782, 465E47C6AFA53B7CAFED5C61A5D832E7B3A1A33F82E1F11A472B84CD24D2ED55 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:40:29.0866 0x058c fvevol - ok 19:40:29.0913 0x058c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:40:29.0913 0x058c gagp30kx - ok 19:40:29.0975 
0x058c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:40:29.0975 0x058c GEARAspiWDM - ok 19:40:30.0037 0x058c globalUpdatem - ok 19:40:30.0084 0x058c [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc C:\Windows\System32\gpsvc.dll 19:40:30.0100 0x058c gpsvc - ok 19:40:30.0147 0x058c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:40:30.0147 0x058c hcw85cir - ok 19:40:30.0240 0x058c [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:40:30.0240 0x058c HdAudAddService - ok 19:40:30.0287 0x058c [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:40:30.0303 0x058c HDAudBus - ok 19:40:30.0349 0x058c [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI C:\Windows\system32\DRIVERS\HECI.sys 19:40:30.0349 0x058c HECI - ok 19:40:30.0381 0x058c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:40:30.0381 0x058c HidBatt - ok 19:40:30.0412 0x058c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:40:30.0412 0x058c HidBth - ok 19:40:30.0474 0x058c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:40:30.0474 0x058c HidIr - ok 19:40:30.0521 0x058c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 
2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 19:40:30.0521 0x058c hidserv - ok 19:40:30.0630 0x058c [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:40:30.0630 0x058c HidUsb - ok 19:40:30.0661 0x058c [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:40:30.0661 0x058c hkmsvc - ok 19:40:30.0771 0x058c [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:40:30.0771 0x058c HomeGroupListener - ok 19:40:30.0817 0x058c [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:40:30.0833 0x058c HomeGroupProvider - ok 19:40:30.0911 0x058c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 19:40:30.0911 0x058c HpSAMD - ok 19:40:30.0973 0x058c [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:40:30.0989 0x058c HTTP - ok 19:40:31.0005 0x058c [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:40:31.0005 0x058c hwpolicy - ok 19:40:31.0067 0x058c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:40:31.0067 0x058c i8042prt - ok 19:40:31.0207 0x058c [ 26541A068572F650A2FA490726FE81BE, 9D6EF745731D45C4482274BE9C56300BBE8843D6C182F0E5C621AB121DBE371E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:40:31.0223 0x058c iaStor - ok 
19:40:31.0363 0x058c [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 19:40:31.0363 0x058c IAStorDataMgrSvc - ok 19:40:31.0426 0x058c [ 71F1A494FEDF4B33C02C4A6A28D6D9E9, 3AF6B8220E5081C79951979FE59E980C0309C826E201AE286D3B42CD2BA8145F ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:40:31.0426 0x058c iaStorV - ok 19:40:31.0504 0x058c [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:40:31.0535 0x058c idsvc - ok 19:40:31.0597 0x058c IePluginServices - ok 19:40:31.0941 0x058c [ C5589781F75DE0BFB26E221649C80D00, 949AC24AF8669F9FF71DB30A502AF8BA17D892A0E86708418469B15F084A9D72 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 19:40:32.0221 0x058c igfx - ok 19:40:32.0284 0x058c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:40:32.0284 0x058c iirsp - ok 19:40:32.0362 0x058c [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT C:\Windows\System32\ikeext.dll 19:40:32.0377 0x058c IKEEXT - ok 19:40:32.0455 0x058c [ E3C36AC5AE87EC970AE8EA2A93D59AE1, 8403A5243DF38EFC35A0200760EC081E42467744AF25A1F2168D5A8198AF6A5B ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 19:40:32.0455 0x058c Impcd - ok 19:40:32.0674 0x058c [ ACEC5BBEE4AA34D74BE0E2E512CC2026, DBE4672B0ABA876FBE51EF36CA0AF1EABD00F793984E9A2A90C2A757E7953C34 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:40:32.0736 0x058c IntcAzAudAddService - ok 19:40:32.0845 0x058c [ AF6D1E38BCE11DABA4C01D6A6DE94410, 0913444FE63FF47C99A3F002368C05574DE9AE7973CA5832FFC6C88F9F12B574 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 19:40:32.0861 0x058c IntcDAud - ok 
19:40:32.0908 0x058c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 19:40:32.0908 0x058c intelide - ok 19:40:32.0986 0x058c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:40:32.0986 0x058c intelppm - ok 19:40:33.0017 0x058c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:40:33.0033 0x058c IPBusEnum - ok 19:40:33.0079 0x058c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:40:33.0079 0x058c IpFilterDriver - ok 19:40:33.0142 0x058c [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:40:33.0157 0x058c iphlpsvc - ok 19:40:33.0189 0x058c [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:40:33.0189 0x058c IPMIDRV - ok 19:40:33.0204 0x058c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:40:33.0204 0x058c IPNAT - ok 19:40:33.0267 0x058c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:40:33.0267 0x058c IRENUM - ok 19:40:33.0313 0x058c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 19:40:33.0313 0x058c isapnp - ok 19:40:33.0329 0x058c [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt 
C:\Windows\system32\DRIVERS\msiscsi.sys 19:40:33.0329 0x058c iScsiPrt - ok 19:40:33.0391 0x058c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:40:33.0407 0x058c kbdclass - ok 19:40:33.0454 0x058c [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:40:33.0454 0x058c kbdhid - ok 19:40:33.0501 0x058c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso C:\Windows\system32\lsass.exe 19:40:33.0501 0x058c KeyIso - ok 19:40:33.0532 0x058c [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:40:33.0532 0x058c KSecDD - ok 19:40:33.0563 0x058c [ 3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:40:33.0563 0x058c KSecPkg - ok 19:40:33.0594 0x058c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 19:40:33.0594 0x058c KtmRm - ok 19:40:33.0641 0x058c [ 4566FD5F4416E7FEF3600E4B30D086C3, 8AF3E81D4BFE974D7419D1C7EFA7D2910AEA38A44C932A5EC83DAAAD995B7AB7 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 19:40:33.0657 0x058c L1C - ok 19:40:33.0688 0x058c [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer C:\Windows\System32\srvsvc.dll 19:40:33.0703 0x058c LanmanServer - ok 19:40:33.0781 0x058c [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:40:33.0781 0x058c LanmanWorkstation - ok 19:40:33.0844 0x058c [ F7611EC07349979DA9B0AE1F18CCC7A6, 
879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:40:33.0844 0x058c lltdio - ok 19:40:33.0891 0x058c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:40:33.0891 0x058c lltdsvc - ok 19:40:33.0922 0x058c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:40:33.0922 0x058c lmhosts - ok 19:40:34.0031 0x058c [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 19:40:34.0047 0x058c LMS - ok 19:40:34.0093 0x058c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:40:34.0093 0x058c LSI_FC - ok 19:40:34.0125 0x058c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:40:34.0125 0x058c LSI_SAS - ok 19:40:34.0171 0x058c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:40:34.0187 0x058c LSI_SAS2 - ok 19:40:34.0203 0x058c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:40:34.0203 0x058c LSI_SCSI - ok 19:40:34.0281 0x058c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 19:40:34.0281 0x058c luafv - ok 19:40:34.0312 0x058c [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:40:34.0312 0x058c Mcx2Svc - ok 
19:40:34.0374 0x058c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:40:34.0374 0x058c megasas - ok 19:40:34.0390 0x058c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:40:34.0390 0x058c MegaSR - ok 19:40:34.0437 0x058c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 19:40:34.0437 0x058c MMCSS - ok 19:40:34.0530 0x058c [ 5B9CA81817E046666E7ABF8B9B101545, 6DD02C4C991198AC515847DAAEF7A3DF379636649FDB2623A0FBD8B51DADD523 ] mod7700 C:\Windows\system32\DRIVERS\mod7700.sys 19:40:34.0546 0x058c mod7700 - ok 19:40:34.0577 0x058c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 19:40:34.0593 0x058c Modem - ok 19:40:34.0608 0x0080 Object required for P2P: [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD 19:40:34.0624 0x058c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:40:34.0624 0x058c monitor - ok 19:40:34.0639 0x058c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:40:34.0639 0x058c mouclass - ok 19:40:34.0702 0x058c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:40:34.0717 0x058c mouhid - ok 19:40:34.0749 0x058c [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:40:34.0749 0x058c mountmgr - ok 19:40:34.0764 0x058c [ 2AF5997438C55FB79D33D015C30E1974, 
C:\Windows\system32\DRIVERS\viaide.sys 19:41:03.0390 0x058c viaide - ok 19:41:03.0437 0x058c [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 19:41:03.0437 0x058c volmgr - ok 19:41:03.0468 0x058c [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:41:03.0468 0x058c volmgrx - ok 19:41:03.0515 0x058c [ 59F06B4968E58BC83DFC56CA4517960E, F0ACE8D5F30B8C81E4FDE0CEBDBA71A212A3198ED09D92B2B40C48FBB243D3F5 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:41:03.0515 0x058c volsnap - ok 19:41:03.0609 0x058c [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:41:03.0609 0x058c vsmraid - ok 19:41:03.0656 0x058c [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS C:\Windows\system32\vssvc.exe 19:41:03.0687 0x058c VSS - ok 19:41:03.0702 0x058c [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:41:03.0702 0x058c vwifibus - ok 19:41:03.0765 0x058c [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:41:03.0780 0x058c vwififlt - ok 19:41:03.0812 0x058c [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 19:41:03.0827 0x058c W32Time - ok 19:41:03.0874 0x058c [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:41:03.0874 0x058c WacomPen - ok 19:41:03.0936 0x058c [ 692A712062146E96D28BA0B7D75DE31B, 
B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:41:03.0936 0x058c WANARP - ok 19:41:03.0936 0x058c [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:41:03.0952 0x058c Wanarpv6 - ok 19:41:04.0030 0x058c [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine C:\Windows\system32\wbengine.exe 19:41:04.0061 0x058c wbengine - ok 19:41:04.0124 0x058c [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:41:04.0124 0x058c WbioSrvc - ok 19:41:04.0170 0x058c [ 6D9B75275C3E3A5F51AEF81AFFADB2B6, 0805471A57DDF1974F3F7B36B0DD843731C608D10A1C00B01E6E9D0460098E1A ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:41:04.0170 0x058c wcncsvc - ok 19:41:04.0202 0x058c [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:41:04.0202 0x058c WcsPlugInService - ok 19:41:04.0248 0x058c [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:41:04.0248 0x058c Wd - ok 19:41:04.0295 0x058c [ A840213F1ACDCC175B4D1D5AAEAC0D7A, B20F7CAEEA790290072BC170EBEEADB4C19E1C40DB0B3FE0D4A640D0D82300D6 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:41:04.0311 0x058c Wdf01000 - ok 19:41:04.0326 0x058c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:41:04.0342 0x058c WdiServiceHost - ok 19:41:04.0358 0x058c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:41:04.0358 0x058c WdiSystemHost - ok 
19:41:04.0404 0x058c [ BB5EC38F8D4600119B4720BC5D4211F1, F04F823A9FE77704F38D773C7350C71727C5E3309CD1EC754519C826A4599476 ] WebClient C:\Windows\System32\webclnt.dll 19:41:04.0404 0x058c WebClient - ok 19:41:04.0436 0x0200 Object send P2P result: false 19:41:04.0436 0x0200 Object required for P2P: [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc 19:41:04.0436 0x058c [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:41:04.0451 0x058c Wecsvc - ok 19:41:04.0498 0x058c [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:41:04.0498 0x058c wercplsupport - ok 19:41:04.0560 0x058c [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 19:41:04.0560 0x058c WerSvc - ok 19:41:04.0638 0x058c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:41:04.0638 0x058c WfpLwf - ok 19:41:04.0685 0x058c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:41:04.0685 0x058c WIMMount - ok 19:41:04.0794 0x058c [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 19:41:04.0810 0x058c WinDefend - ok 19:41:04.0810 0x058c WinHttpAutoProxySvc - ok 19:41:04.0872 0x058c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:41:04.0872 0x058c Winmgmt - ok 19:41:04.0950 0x058c [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM C:\Windows\system32\WsmSvc.dll 19:41:04.0966 
0x058c WinRM - ok 19:41:05.0060 0x058c [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:41:05.0060 0x058c WinUsb - ok 19:41:05.0153 0x058c [ 4C69A8E2E159C1C59BC4B688E9DD7F8C, 235C7A41425846EFE4966490EB7F72AA768B3FE1665843BF58520DDBD6822A74 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe 19:41:05.0153 0x058c WisLMSvc - ok 19:41:05.0200 0x058c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:41:05.0216 0x058c Wlansvc - ok 19:41:05.0278 0x058c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:41:05.0278 0x058c WmiAcpi - ok 19:41:05.0325 0x058c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:41:05.0325 0x058c wmiApSrv - ok 19:41:05.0465 0x058c [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:41:05.0481 0x058c WMPNetworkSvc - ok 19:41:05.0512 0x058c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:41:05.0528 0x058c WPCSvc - ok 19:41:05.0543 0x058c [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:41:05.0559 0x058c WPDBusEnum - ok 19:41:05.0637 0x0764 Object send P2P result: false 19:41:05.0637 0x0764 Object required for P2P: [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 19:41:05.0637 0x058c Wpm - ok 19:41:05.0684 0x058c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl 
C:\Windows\system32\drivers\ws2ifsl.sys 19:41:05.0684 0x058c ws2ifsl - ok 19:41:05.0715 0x058c [ A661A76333057B383A06E65F0073222F, B25AEC2B668C61F2E1C6F7AD27706EE10F8B04F09B5D069784131A6B8B5DF570 ] wscsvc C:\Windows\system32\wscsvc.dll 19:41:05.0715 0x058c wscsvc - ok 19:41:05.0730 0x058c WSearch - ok 19:41:05.0808 0x058c [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 19:41:05.0855 0x058c wuauserv - ok 19:41:05.0886 0x058c [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:41:05.0886 0x058c WudfPf - ok 19:41:05.0933 0x058c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:41:05.0933 0x058c WUDFRd - ok 19:41:06.0011 0x058c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:41:06.0011 0x058c wudfsvc - ok 19:41:06.0058 0x058c [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:41:06.0074 0x058c WwanSvc - ok 19:41:06.0152 0x058c [ 1F93FCB5BAB3A921ECBA522F63586F4A, 0340B73DBC953B50572666EC603E87F253B9CEB9B0489A441A6A2171A04595D8 ] X10Hid C:\Windows\System32\Drivers\x10hid.sys 19:41:06.0152 0x058c X10Hid - ok 19:41:06.0276 0x058c [ 5A0C788C5BC5F2C993CB60940ADCF95E, FEEC158466040A6528E7FC8D33706B50D2F03479E0B62DF8F06B69A1A850A9FB ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 19:41:06.0276 0x058c x10nets - ok 19:41:06.0339 0x058c [ 378DC1B0B1F62A7488EE8D31A3C6E949, 8334CBC479797DC82551D38DFF1AEF5E41E4C6427D410C633DECC95C4FB84C0E ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys 19:41:06.0339 0x058c XUIF - ok 19:41:06.0432 0x058c [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8, 
967B7FA83171485DA1EEF51DB2A21FD17DFB4846E1F700C83E516BD40A542DCA ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe 19:41:06.0432 0x058c Yontoo Desktop Updater - ok 19:41:06.0479 0x058c ================ Scan global =============================== 19:41:06.0510 0x058c [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll 19:41:06.0557 0x058c [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll 19:41:06.0573 0x058c [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll 19:41:06.0604 0x058c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 19:41:06.0651 0x058c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 19:41:06.0651 0x058c [ Global ] - ok 19:41:06.0666 0x058c ================ Scan MBR ================================== 19:41:06.0666 0x058c [ 7827CE22D5B6A2E3FA5111270DD20242 ] \Device\Harddisk0\DR0 19:41:07.0946 0x059c Object send P2P result: false 19:41:07.0946 0x059c Object required for P2P: [ 2226496E34BD40734946A054B1CD657F ] NlaSvc 19:41:09.0100 0x058c \Device\Harddisk0\DR0 - ok 19:41:09.0100 0x058c ================ Scan VBR ================================== 19:41:09.0100 0x058c [ B0D5A8FBF3D19023AA16814C187EBAFB ] \Device\Harddisk0\DR0\Partition1 19:41:09.0100 0x058c \Device\Harddisk0\DR0\Partition1 - ok 19:41:09.0100 0x058c [ 94A25F0864972491B870D83B6C2142C2 ] \Device\Harddisk0\DR0\Partition2 19:41:09.0116 0x058c \Device\Harddisk0\DR0\Partition2 - ok 19:41:09.0131 0x058c [ E07850F3D6AF56E0D1116A7339A3B2DB ] \Device\Harddisk0\DR0\Partition3 19:41:09.0131 0x058c \Device\Harddisk0\DR0\Partition3 - ok 19:41:09.0162 0x058c 
================ Scan generic autorun ====================== 19:41:09.0552 0x058c [ 1FF6220D9CBFAC929E62ADA893C9F357, 9117852465969A9B12D364CCF51A8026BC3D8BA5D2B82212CAF7157E2D577AB7 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 19:41:09.0880 0x058c RtHDVCpl - ok 19:41:09.0958 0x058c [ C8215BBCA8F3E0E2A1B18C9BB51C042B, EEF2C61178DE052EA4AD7CF0106439CA17B212BAF53A2D3FA4C0169A26A15E3B ] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe 19:41:09.0989 0x058c RtHDVBg - ok 19:41:10.0005 0x058c [ 8D2851FC8807D456319C721AE3809824, 3AB40A5538C04CC536523E1AB890BBD4BA648134BB594B852EB8434DCE80632C ] C:\Program Files\Launch Manager\HotkeyApp.exe 19:41:10.0020 0x058c HotkeyApp - ok 19:41:10.0052 0x058c [ DFA1067EA4157BCCCFD48F052066A076, 5E5B60C20CFF1F3F9D45588B0E0AEB59C3F4C11089CCB52AA92890773BAA081F ] C:\Program Files\Launch Manager\OSD.exe 19:41:10.0067 0x058c LMgrVolOSD - ok 19:41:10.0114 0x058c [ 94D2739E7F421BC0EE0B32387B78B619, D7835E81FD08EBBFBDF44712D48CBF4311A89FF505ADD4DF4ECC46A2ECCD6F1B ] C:\Program Files\Launch Manager\Wbutton.exe 19:41:10.0130 0x058c Wbutton - ok 19:41:10.0286 0x058c [ B2D2DB4C716665691816C77557AD685C, F8B919FED0B4E979DC3F39578D59CFB2D984AFBDD67A6A4D850F71930C28016D ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 19:41:10.0317 0x058c SynTPEnh - ok 19:41:10.0364 0x058c [ 51C8885B6A00904C0252704C9FB0F43A, BF2F58E6697DB10F3D6FB3859FADC2CE1D3CDD318E487E02FDC2BE171AF6CA29 ] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 19:41:10.0364 0x058c NUSB3MON - ok 19:41:10.0410 0x058c [ 69CAF0A923235ABD9887ED9CB9553CA4, CCACFE2B0A3992DEA56D92EC03E7CCD3F9FDE4A3FE240C2B2CFAF1095108261D ] C:\Windows\system32\igfxtray.exe 19:41:10.0426 0x058c IgfxTray - ok 19:41:10.0442 0x058c [ BD42EF6D8566CA5E46563C0103FF1875, 1D1B19ECB98C89298CC347F3AB969BA1108A4DA10BD830CDA934A618F81BAF95 ] C:\Windows\system32\hkcmd.exe 19:41:10.0442 0x058c HotKeysCmds - ok 19:41:10.0520 0x058c [ 48584955B0CE8545BB31CF0D4459E525, 
D65DF3C4E1DE39DCF3AD3C48C2560C538CB2C47D6EE7E94BD15484214B186433 ] C:\Windows\system32\igfxpers.exe 19:41:10.0520 0x058c Persistence - ok 19:41:10.0566 0x058c [ F8DBB32041336A94C676E6B70F759993, 5DD10E2696616F18A88526B06899C1874243BF2BF674F19C86228B975BCD9C1E ] C:\Program Files\QuickTime\qttask.exe 19:41:10.0566 0x058c QuickTime Task - ok 19:41:10.0722 0x058c [ F99ACEE528FE94E1BB7CCB6EF0E0A47C, FB5096E6AD83ACAA362EF56F61BDA0BD831E09FCE49482A5E905F5BCDB4172BC ] C:\Program Files\Ask.com\Updater\Updater.exe 19:41:10.0754 0x058c ApnUpdater - ok 19:41:10.0785 0x058c MRT - ok 19:41:10.0847 0x058c [ D267C1A121EB3B2772FE7B199008F2EF, BE9675B15EE21DC02022A695ED191B2ABC63ABC8164713ACDB34E06D1E692D85 ] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe 19:41:10.0863 0x058c tvjbmonitor - ok 19:41:10.0925 0x058c [ 32133F73425463751C97FFD908AAF3DC, CB35F16442CEFC0026D2E68EAE15D32158F22C7D0E51D16A5D7A4FFF919C4E08 ] C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe 19:41:10.0925 0x058c Malwarebytes Anti-Rootkit (cleanup) - ok 19:41:11.0034 0x058c [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe 19:41:11.0066 0x058c Sidebar - ok 19:41:11.0128 0x058c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 19:41:11.0128 0x058c mctadmin - ok 19:41:11.0222 0x058c [ 522D7C043890F3D27D56548871959D9C, 7D77AD83AF781336C5F30C073F99EA6669F27832A3198055B7432FE16CA3FC37 ] C:\Windows\Web\Wallpaper\MEDION\start.vbs 19:41:11.0222 0x058c Screensaver - ok 19:41:11.0253 0x058c [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\sidebar.exe 19:41:11.0268 0x058c Sidebar - ok 19:41:11.0300 0x058c [ 5C42A1C410C1EA4D71B655D3B05D3181, 31D6C507D2220617D9789AF2B8A799C4E26E9C17A2F6429DB8AE4E96CE5CE360 ] 
C:\Windows\Speech\Common\sapisvr.exe 19:41:11.0315 0x058c Speech Recognition - ok 19:41:11.0424 0x058c [ 0C85B24C059C0614AA506D15C9A7978D, D0A66F2B3A72065F1ED323ABEC37EA02433B7CD566D01E6E8DC1E032C81BBD4D ] C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe 19:41:11.0424 0x058c Yontoo Desktop - ok 19:41:12.0111 0x058c [ 58920E6A409046BA06548D9D139CE0F0, 73FB33F5A76A3445C494482D520448EE02C0B1B7D3DD2E97BE3A9B15F89C5911 ] C:\Program Files\Skype\Phone\Skype.exe 19:41:12.0750 0x058c Skype - ok 19:41:12.0782 0x058c Waiting for KSN requests completion. In queue: 247 19:41:13.0796 0x058c Waiting for KSN requests completion. In queue: 247 19:41:14.0810 0x058c Waiting for KSN requests completion. In queue: 247 19:41:15.0824 0x058c Waiting for KSN requests completion. In queue: 247 19:41:16.0838 0x058c Waiting for KSN requests completion. In queue: 247 19:41:17.0696 0x0598 Object send P2P result: false 19:41:17.0727 0x0694 Object send P2P result: false 19:41:17.0727 0x0694 Object required for P2P: [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService 19:41:17.0852 0x058c Waiting for KSN requests completion. In queue: 226 19:41:18.0039 0x05f0 Object send P2P result: false 19:41:18.0866 0x058c Waiting for KSN requests completion. In queue: 209 19:41:19.0583 0x076c Object send P2P result: false 19:41:19.0880 0x058c Waiting for KSN requests completion. In queue: 199 19:41:20.0894 0x058c Waiting for KSN requests completion. In queue: 199 19:41:21.0908 0x058c Waiting for KSN requests completion. In queue: 199 19:41:22.0922 0x058c Waiting for KSN requests completion. In queue: 199 19:41:23.0936 0x058c Waiting for KSN requests completion. In queue: 199 19:41:24.0450 0x0200 Object send P2P result: false 19:41:24.0950 0x058c Waiting for KSN requests completion. In queue: 192 19:41:25.0652 0x0764 Object send P2P result: false 19:41:25.0964 0x058c Waiting for KSN requests completion. In queue: 175 19:41:26.0978 0x058c Waiting for KSN requests completion. 
In queue: 175 19:41:27.0960 0x059c Object send P2P result: false 19:41:27.0960 0x059c Object required for P2P: [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy 19:41:27.0992 0x058c Waiting for KSN requests completion. In queue: 172 19:41:29.0006 0x058c Waiting for KSN requests completion. In queue: 172 19:41:30.0020 0x058c Waiting for KSN requests completion. In queue: 36 19:41:31.0034 0x058c Waiting for KSN requests completion. In queue: 36 19:41:32.0048 0x058c Waiting for KSN requests completion. In queue: 36 19:41:33.0062 0x058c Waiting for KSN requests completion. In queue: 36 19:41:34.0076 0x058c Waiting for KSN requests completion. In queue: 15 19:41:35.0090 0x058c Waiting for KSN requests completion. In queue: 15 19:41:36.0104 0x058c Waiting for KSN requests completion. In queue: 15 19:41:36.0993 0x0694 Object send P2P result: true 19:41:36.0993 0x0694 Object required for P2P: [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus 19:41:37.0118 0x058c Waiting for KSN requests completion. In queue: 14 19:41:38.0132 0x058c Waiting for KSN requests completion. In queue: 14 19:41:39.0146 0x058c Waiting for KSN requests completion. In queue: 14 19:41:40.0160 0x058c Waiting for KSN requests completion. In queue: 14 19:41:40.0409 0x059c Object send P2P result: true 19:41:41.0174 0x058c Waiting for KSN requests completion. In queue: 3 19:41:42.0188 0x058c Waiting for KSN requests completion. In queue: 3 19:41:43.0202 0x058c Waiting for KSN requests completion. In queue: 3 19:41:44.0216 0x058c Waiting for KSN requests completion. In queue: 3 19:41:45.0230 0x058c Waiting for KSN requests completion. In queue: 3 19:41:46.0244 0x058c Waiting for KSN requests completion. In queue: 3 19:41:47.0258 0x058c Waiting for KSN requests completion. In queue: 3 19:41:48.0272 0x058c Waiting for KSN requests completion. 
In queue: 3 19:41:48.0365 0x0694 Object send P2P result: true 19:41:49.0520 0x058c Win FW state via NFP2: enabled 19:41:59.0348 0x058c ============================================================ 19:41:59.0348 0x058c Scan finished 19:41:59.0348 0x058c ============================================================ 19:41:59.0348 0x0688 Detected object count: 0 19:41:59.0348 0x0688 Actual detected object count: 0 |
07.02.2015, 21:54 | #7 |
/// Malwareteam | Win 7: Black screen after starting the computer

There we go, that already looks better. But my suspicions have been confirmed. You had caught a rootkit and a banking trojan (as the main problem).

Reading material: Rootkit warning

Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, so it deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys".

What does this mean for you?

If you decide to continue with the cleanup (and once again: we have a good chance of getting the computer clean again), you should in any case change your passwords at the end of the cleanup, or do so right now from another computer that you are sure is free of malware. Furthermore, you should not do anything else on the computer.

Try to start in normal mode. If that works without problems, go straight to Step 1. If explorer.exe crashes again, try to start explorer.exe manually via the Task Manager. To do this, open the Task Manager -> New Task ... -> and simply enter explorer.exe. If it immediately crashes again, switch back to Safe Mode with Networking and carry out the following step:

Step 1

Start FRST once more.

Post the following log files in your next reply:

__________________ Regards, Jonas |
08.02.2015, 12:46 | #8 |
| Win 7: Black screen after starting the computer

Hey Jonas,

I would have no problem with continuing the cleanup, since I have never done online banking with this PC (because of all the ads), have already backed up all my data anyway, and have not stored any "sensitive" data here either. A reinstallation would actually suit me quite well, since I wanted to get rid of all my old programs anyway and set everything up again from scratch. Internet Explorer and Firefox work in normal mode.

Here is the FRST log:

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Emily (administrator) on EMILY-PC on 08-02-2015 12:36:04
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\score.exe
() C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe
(app) C:\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(Systweak) C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Yontoo LLC) C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
Failed to access process -> WMIADAP.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [96303304 2014-08-15] (Microsoft Corporation)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1757648 2014-02-08] (APN)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Yontoo Desktop] => C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.38\OptProLauncher.exe [148024 2015-02-02] (PC Utilities Software Limited)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-08-22] (Microsoft Corporation)
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}\setup.exe (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.calcitapp.info/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DB5647D9A3684441AA70332AE49C6722 URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {4EEBDE03-4A52-43BC-A88B-B93E1A516942} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=^8Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=cabddbfa-b761-46ae-9501-77a247c4e860&apn_sauid=A0B9820A-406E-4682-A081-17EC3CD212F6
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: RegULArDeeaals -> {A63F6A27-6960-FFE7-5313-A90C10BAD43D} -> C:\ProgramData\RegULArDeeaals\2Ki.dll ()
BHO: Office Document Cache Handler ->
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Virtual DJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\AskPartnerNetwork\Toolbar\VDJ\Passport.dll (APN LLC.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) BHO: cosstminn -> {F0957C89-1479-61BB-1BCF-C64ED7C8EDC8} -> C:\Program Files\cosstminn\Znza9uVUEX.dll () Toolbar: HKLM - Virtual DJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\AskPartnerNetwork\Toolbar\VDJ\Passport.dll (APN LLC.) Toolbar: HKU\.DEFAULT -> Virtual DJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\AskPartnerNetwork\Toolbar\VDJ\Passport.dll (APN LLC.) Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB FF DefaultSearchEngine: Trovi search FF SearchEngineOrder.1: Ask.com FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Trovi search FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15] FF Extension: Fast Start - 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\faststartff@gmail.com [2014-08-04] FF Extension: Delta Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ffxtlbr@delta.com [2013-09-25] FF Extension: Browsers Apps - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\herman.thorne45@outlook.com [2015-02-08] FF Extension: No Name - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com [2013-11-15] FF Extension: shortcut - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\shortcutff@gmail.com [2014-08-04] FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07] FF Extension: Search-Results Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-01] FF Extension: Iminent - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi [2014-08-12] FF Extension: superfish - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\jid1-tce47bzfSrBDXQ@jetpack.xpi [2014-08-15] FF Extension: PricePeep - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-11-05] FF Extension: Virtual DJ Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com.xpi [2014-02-14] FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19] FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19] FF 
HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\faststartff@gmail.com FF HKLM\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\shortcutff@gmail.com FF HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Re-\x6d\x61rkit) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2013-11-15] CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg [2014-08-04] CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-09-28] CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Emily\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx [2013-06-11] CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Emily\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-25] CHR HKLM\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Emily\AppData\Roaming\zulagames\zulagames.crx [2013-07-01] CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] () R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.) 
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals) S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-04] (globalUpdate) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED) R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation) R2 scores; C:\Windows\score.exe [4816384 2014-07-30] () [File not signed] R2 servervo; C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-04] () [File not signed] <==== ATTENTION R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] R2 Yontoo Desktop Updater; C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH) S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech ) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X] S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X] S0 rjaty; System32\drivers\imofugc.sys [X] S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 12:38 - 2015-02-08 12:38 - 00000000 ____D () C:\Windows\system32\SPReview 2015-02-08 12:37 - 2015-02-08 12:37 - 00000000 ____D () C:\9bcd6e346a1d0ed7c539f55b 2015-02-08 12:33 - 2015-02-08 12:33 - 00001065 _____ () C:\Users\Emily\Desktop\Optimizer Pro.lnk 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Optimizer Pro 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\APN 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4} 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38 2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\Program Files\AskPartnerNetwork 2015-02-08 12:32 - 2015-02-08 12:32 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5 2015-02-07 19:09 - 2015-02-07 19:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Emily\Desktop\tdsskiller.exe 2015-02-07 17:29 - 2015-02-08 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-07 17:29 - 2015-02-07 17:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 17:29 - 2015-02-07 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 17:27 - 2015-02-07 19:47 - 00000000 ____D () C:\Users\Emily\Desktop\mbar 2015-02-07 17:27 - 2015-02-07 17:53 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-07 17:24 - 2015-02-07 17:24 - 16466552 _____ (Malwarebytes Corp.) 
C:\Users\Emily\Desktop\mbar-1.08.3.1004.exe 2015-02-07 12:21 - 2015-02-07 12:21 - 00158779 _____ () C:\Users\Emily\Desktop\Combofix.txt 2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt 2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp 2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox 2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt 2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe 2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys 2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP 2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump 2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp 2015-02-06 22:48 - 2015-02-06 22:48 - 00003003 _____ () C:\Users\Emily\Desktop\gmer.txt 2015-02-06 22:34 - 2015-02-06 22:34 - 00043603 _____ () C:\Users\Emily\Desktop\Addition.txt 2015-02-06 22:33 - 2015-02-08 12:36 - 00000000 ____D () C:\FRST 
2015-02-06 22:32 - 2015-02-06 22:33 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme 2015-02-06 22:30 - 2015-02-06 22:30 - 00000472 _____ () C:\Users\Emily\Desktop\defogger_disable.log 2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable 2015-02-06 22:01 - 2015-02-06 22:01 - 00000000 ____D () C:\Program Files\WaIntEnhance 2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8 2015-02-06 20:07 - 2015-02-06 20:07 - 00000000 ____D () C:\ProgramData\Systweak 2015-02-06 19:58 - 2015-02-08 12:36 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme 2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:52 - 2015-02-06 19:52 - 00009736 ____N () C:\bootsqm.dat 2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000 2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} 2015-02-06 19:45 - 2015-02-06 19:45 - 00000000 ____D () C:\Users\Emily\AppData\Local\SearchProtect 2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 12:38 - 2011-04-28 20:27 - 01679154 _____ () C:\Windows\WindowsUpdate.log 2015-02-08 12:35 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-08 12:34 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype 2015-02-08 12:32 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-02-08 11:32 - 2013-02-25 14:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Yontoo 2015-02-08 11:30 - 2014-08-04 10:04 - 00002066 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job 2015-02-08 11:29 - 2014-08-04 10:04 - 00003110 _____ () C:\Windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job 2015-02-08 11:29 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job 2015-02-08 11:29 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job 2015-02-08 11:29 - 2014-08-04 10:04 - 00001582 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job 2015-02-08 11:29 - 2014-08-04 10:04 - 00001360 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job 2015-02-08 11:29 - 2014-08-04 10:04 - 00001284 _____ () C:\Windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job 2015-02-08 11:29 - 2014-08-04 10:03 - 00003792 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job 2015-02-08 11:29 - 2014-08-04 10:03 - 00003110 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job 2015-02-08 11:29 - 2014-08-04 10:03 - 00000874 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-02-08 11:29 - 2013-11-15 18:24 - 00001284 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job 2015-02-08 11:29 - 2013-11-15 18:24 - 00001086 _____ () C:\Windows\Tasks\Plus-HD-1.3-enabler.job 2015-02-08 11:29 - 2013-11-15 18:23 - 00001186 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job 2015-02-08 11:29 - 2013-11-15 18:22 - 00001882 _____ () 
C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job 2015-02-08 11:29 - 2013-11-15 18:22 - 00001806 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job 2015-02-08 11:29 - 2013-11-15 18:22 - 00000328 _____ () C:\Windows\Tasks\dsmonitor.job 2015-02-08 11:29 - 2013-09-28 14:20 - 00000908 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2015-02-08 11:29 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-08 11:29 - 2009-07-14 05:39 - 00088922 _____ () C:\Windows\setupact.log 2015-02-07 17:49 - 2010-07-07 19:31 - 00048408 _____ () C:\Windows\PFRO.log 2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization 2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie 2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed 2015-02-07 17:41 - 2014-08-12 10:57 - 00000000 ____D () C:\Program Files\Supporter 2015-02-07 12:07 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox 2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak 2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak 2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak 2015-02-07 11:49 - 2014-08-04 10:00 - 00000000 ____D () C:\Program Files\Probit Software 2015-02-07 11:49 - 2013-02-01 20:34 - 00000000 ____D () C:\Program Files\Search Results Toolbar 2015-02-07 11:47 - 2014-06-13 21:39 - 00000000 ____D () C:\Program Files\SupTab 2015-02-07 11:47 - 2013-09-25 16:37 - 00000000 ____D () C:\Program Files\Zula Games 2015-02-07 11:47 - 2013-09-25 16:37 - 00000000 ____D () C:\Program Files\Speed Analysis 2 2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () 
C:\Windows\system32\config\sam.bak 2015-02-06 22:58 - 2014-09-05 14:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\InetStat 2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer 2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\Program Files\PepperZip 2015-02-06 22:58 - 2014-06-13 21:40 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\337Games 2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0 2015-02-06 22:58 - 2013-11-15 18:21 - 00000000 ____D () C:\Program Files\Plus-HD-1.3 2015-02-06 22:58 - 2013-11-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector 2015-02-06 22:58 - 2013-11-15 17:19 - 00000000 ____D () C:\Program Files\Advanced System Protector 2015-02-06 22:58 - 2013-09-28 14:19 - 00000000 ____D () C:\Program Files\BonanzaDeals 2015-02-06 22:58 - 2013-09-25 16:39 - 00000000 ____D () C:\Program Files\77zip 2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft 2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media 2015-02-06 22:58 - 2013-02-25 14:01 - 00000000 ____D () C:\Program Files\Yontoo 2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie 2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield 
Installation Information 2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2015-02-06 22:57 - 2013-11-15 17:18 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Systweak 2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills 2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend 2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios 2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek 2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media 2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache 2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios 2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink 2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack 2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily 2015-02-06 22:00 - 2014-05-02 15:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () 
C:\Program Files\Temp ==================== Files in the root of some directories ======= 2014-08-04 11:14 - 2014-08-04 11:14 - 0000314 _____ () C:\Users\Emily\AppData\Roaming\aps.uninstall.scan.results 2013-09-25 16:37 - 2013-09-25 16:36 - 0030894 _____ () C:\Users\Emily\AppData\Roaming\speedanalysis.ico 2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png 2013-09-28 16:08 - 2014-08-22 21:24 - 0000182 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG 2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT 2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg 2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} Some content of TEMP: ==================== C:\Users\Emily\AppData\Local\temp\optprosetup.exe C:\Users\Emily\AppData\Local\temp\setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-30 06:23

==================== End Of Log ============================

Regards, Nailimixam
Last edited by Nailimixam (08.02.2015 at 12:56) |
08.02.2015, 14:49 | #9 |
/// Malwareteam | Win 7: Black screen after starting the computer
OK, all clear, then let's continue with the cleanup. We'll now take care of all the advertising and the unnecessary programs on your computer.

Step 1
Please uninstall the following programs:
Windows XP: Start -> Control Panel -> select Category View (if not already set) -> Add or Remove Programs, and select the listed programs. Press Remove (Windows XP) or Uninstall (Windows Vista/7/8).

Step 2
Please download AdwCleaner to your desktop.
Please download Malwarebytes Anti-Malware

Step 4
Run FRST once more.
Post the following log files in your next reply:
__________________
Regards, Jonas |
09.02.2015, 20:14 | #10 |
| Win 7: Black screen after starting the computer
Hey Jonas,
Here are the requested files:
AdwCleaner.txt:
Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 20:19:14 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-08.1 [Server] # Betriebssystem : Windows 7 Home Premium (x86) # Benutzername : Emily - EMILY-PC # Gestarted von : C:\Users\Emily\Desktop\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : APNMCP [#] Dienst Gelöscht : bonanzadealslive [#] Dienst Gelöscht : bonanzadealslivem [#] Dienst Gelöscht : globalUpdatem Dienst Gelöscht : IePluginServices Dienst Gelöscht : Scores [#] Dienst Gelöscht : SPPD Dienst Gelöscht : Wpm Dienst Gelöscht : Yontoo Desktop Updater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive Ordner Gelöscht : C:\ProgramData\DSearchLink Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\wincert Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\ProgramData\cosstminn Ordner Gelöscht : C:\ProgramData\RegULArDeeaals Ordner Gelöscht : C:\ProgramData\f37bce10b200aa81 Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 Ordner Gelöscht : C:\Program Files\AskPartnerNetwork Ordner Gelöscht : C:\Program Files\BonanzaDeals Ordner Gelöscht : C:\Program Files\BonanzaDealsLive Ordner Gelöscht : C:\Program Files\globalUpdate Ordner Gelöscht : C:\Program Files\MyPC Backup 
Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\Program Files\predm Ordner Gelöscht : C:\Program Files\Probit Software Ordner Gelöscht : C:\Program Files\Search Results Toolbar Ordner Gelöscht : C:\Program Files\Speed Analysis 2 Ordner Gelöscht : C:\Program Files\supporter Ordner Gelöscht : C:\Program Files\SupTab Ordner Gelöscht : C:\Program Files\Uniblue Ordner Gelöscht : C:\Program Files\Uninstaller Ordner Gelöscht : C:\Program Files\Yontoo Ordner Gelöscht : C:\Program Files\77zip Ordner Gelöscht : C:\Program Files\cosstminn Ordner Gelöscht : C:\Program Files\RegULArDeeaals Ordner Gelöscht : C:\Program Files\Browsers Apps Ordner Gelöscht : C:\Users\Emily\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch Ordner Gelöscht : C:\Users\Emily\AppData\Local\BonanzaDealsLive Ordner Gelöscht : C:\Users\Emily\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Emily\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Emily\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Emily\AppData\Local\torch Ordner Gelöscht : C:\Users\Emily\AppData\Local\Genesis_08040900 Ordner Gelöscht : C:\Users\Emily\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Emily\AppData\LocalLow\Feven 1.5 Ordner Gelöscht : C:\Users\Emily\AppData\LocalLow\ilividtoolbarguid Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\0D0S1L2Z1P1B Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\337Games Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\ap_logs Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\digitalsite Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\InetStat Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Optimizer Pro Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Probit 
Software Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\SpeedAnalysis2 Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Yontoo Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\zulagames Ordner Gelöscht : C:\Users\Emily\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\faststartff@gmail.com [!] Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com [!] Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com.xpi Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\shortcutff@gmail.com [!] 
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com.xpi Ordner Gelöscht : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel Ordner Gelöscht : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg Ordner Gelöscht : C:\Users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg Ordner Gelöscht : C:\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com.xpi Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi Datei Gelöscht : C:\END Datei Gelöscht : C:\Windows\score.exe Datei Gelöscht : C:\Windows\system32\roboot.exe Datei Gelöscht : C:\Users\Emily\AppData\Roaming\aps.uninstall.scan.results Datei Gelöscht : C:\Users\Emily\AppData\Roaming\speedanalysis.ico Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk Datei Gelöscht : C:\Users\Emily\Desktop\Optimizer Pro.lnk Datei Gelöscht : C:\Users\UpdatusUser\Desktop\NewPlayer.lnk Datei Gelöscht : C:\Users\UpdatusUser\Desktop\PepperZip.lnk Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\bprotector_prefs.js Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\invalidprefs.js Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\bingp.xml Datei Gelöscht : 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\delta.xml Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\delta-homes.xml Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Search_Results.xml Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\trovi-search.xml ***** [ Geplante Tasks ] ***** Task Gelöscht : APSnotifierPP1 Task Gelöscht : APSnotifierPP2 Task Gelöscht : APSnotifierPP3 Task Gelöscht : BitGuard Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA Task Gelöscht : DigitalSite Task Gelöscht : dsmonitor Task Gelöscht : globalUpdateUpdateTaskMachineCore Task Gelöscht : globalUpdateUpdateTaskMachineUA Task Gelöscht : Optimizer Pro Schedule Task Gelöscht : 4503c635-3e57-4083-ab3f-d96f93597eb9 Task Gelöscht : 630346e9-1d7d-4aa1-b264-7e5276cba78a Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-1 Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-11 Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-2 Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-3 Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-4 Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-5 Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-5_user ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Emily\Desktop\Emilys Programme\Internet.lnk Verknüpfung Desinfiziert : C:\Users\Emily\Desktop\Emilys Programme\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk Verknüpfung Desinfiziert : 
C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [shortcutff@gmail.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.BackgroundHostObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.BackgroundHostObject.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Navbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Navbar.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Tool.1 Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 Schlüssel Gelöscht : 
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RegularDealS.RegularDealS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RegularDealS.RegularDealS.7.2 Schlüssel Gelöscht : HKCU\Software\5a53d88bb36fbd44 Schlüssel Gelöscht : HKLM\SOFTWARE\5a53d88bb36fbd44 Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\APN DTX Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive Schlüssel Gelöscht : HKCU\Software\ClickConnect Schlüssel Gelöscht : HKCU\Software\Conduit [#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\delta LTD Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\FreeSoftToday Schlüssel Gelöscht : HKCU\Software\genesis Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\ilividtoolbarguid Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\SupHpUISoft Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\TutoTag Schlüssel Gelöscht : HKCU\Software\usyndication.com Schlüssel Gelöscht : HKCU\Software\Wajam Schlüssel Gelöscht : HKCU\Software\Easy Speed Check Schlüssel Gelöscht : HKCU\Software\USyndication Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Browsers Apps Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PricePeep Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re-Markable Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} 
Schlüssel Gelöscht : HKLM\SOFTWARE\aartemisSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\BonanzaDealsLive Schlüssel Gelöscht : HKLM\SOFTWARE\Browsers Apps Schlüssel Gelöscht : HKLM\SOFTWARE\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\delta-homesSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\do-searchSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\iLividSRTB Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\NewPlayer Schlüssel Gelöscht : HKLM\SOFTWARE\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsers Apps Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\77zip Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\do-search.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getwebcake.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16476 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v29.0.1 (de) [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.5CKUJzh324.url", "hxxp://webterminall.in/sync2/?q=hfZ9oehUBeCHtNbPhd98rdkEtMqLDe49CNU0mwkMCMlNhd9Fqda5rjUFpds9qjkMBzqUojw9rdYGrTsErTn8qih7hfs0pihPBMn0qTn6rTg4qja4qGhHC7n0rHY6rTn4[...] 
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119556&babsrc=NT_ss&mntrId=1e6b7ca500000000000000262dc151e5"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.InstallDir", "\"C:\\\\Program Files\\\\Ask.com\\\\\""); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.domain", "\"www.search.ask.com\""); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.hpr_ff", "\"hxxp://www.search.ask.com/?l=dis&o=41647959&gct=hp\""); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.hpr_ie", "\"hxxp://www.search.ask.com/?l=dis&o=41647959&gct=hp\""); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.__ICM_DOWNLOADS__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22ant[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropo[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%22%2C%22pctool[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7[...] 
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropolog[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%22%2C%22pctools.c[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%2[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "1425ccb13f1d0aa3b57aea8cc57951a4"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.admin", false); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.aflt", "babsst"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.bbDpng", "8"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.cntry", "DE"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.dfltLng", "de"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.excTlbr", false); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.hdrMd5", "90FF83F56705D71C495128BD82D05FAF"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.id", "1e6b7ca500000000000000262dc151e5"); 
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlDay", "15976"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlRef", "sst"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.615:20:26"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.newTab", false); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prdct", "delta"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.rvrt", "false"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.sg", "azb"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.smplGrp", "azb"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrId", "base"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.615:20:26"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babExt", ""); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=5019"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "pricepeep%40getpricepeep.com:2.2.0.4,shortcutff%40gmail.com:1.6.0,faststartff%40gmail.com:4.3.0,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.12,firefoxmini%4[...] 
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.installId", "c1bb0691-71c5-47cd-9b3a-9530dc74b7b8"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.LayoutId", "1"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.00339711,\"s\":0,\"es\":3}"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.adapters", "{\"australianbrewingcompany\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"1386689055141259200\"},\"systweak\":{\"CountryCode\":\"DE\",\"NoAds\"[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"urlhxxps\[...] [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCt8K4wrfCsMKywrHCtsKx\",\"raw_pkgid\":\"169613070\"}"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42 \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...] 
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCt8K4wrfCsMKywrHCtsKx"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.registerToolbarEvent101", "1400167150932"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.registerToolbarEvent102", "1400167183859"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts1", "1399570857046"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts13", "1423420152471"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts14", "1423304860998"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts15", "1423304860788"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts16", "1423420135236"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts2", "1399570857156"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts3", "1399570857427"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts4", "1402590586856"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts6", "1408471717351"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts7", "1408472359657"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts8", "1405518299039"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts9", "1423304860101"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.version", "9.6.2.1"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.versioning", 
"{\"CurrentVersion\":\"9.6.2.1\",\"InstallEventCTime\":1423420096731,\"InstallEvent\":\"True\"}"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1369839517075"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1369834640587"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1370272634962"); [o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1369839013014"); -\\ Google Chrome v -\\ Comodo Dragon v -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [51572 Bytes] - [08/02/2015 20:17:02] AdwCleaner[S0].txt - [51733 Bytes] - [08/02/2015 20:19:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [51793 Bytes] ########## Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.02.2015
Suchlauf-Zeit: 18:20:30
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.09.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Emily
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 419371
Verstrichene Zeit: 9 Min, 2 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 14
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 23
Dateien: 164
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\820c7bf46bf85fbf16d455d70532c786.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\9eefbcd3b6b94b98ca40e653f2c874ab.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\a55b181375c5883e33be428980e7fef2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\b999a96fd1cf0de5e049cd3eb6ec1b2d.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\c7344916630eae9306f244fa72307ba2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\b19815695e6013719c9a610c6808a7a3.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\1140172464a3bebc130b417b5b5c6a98.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\1b4f2ee894b878a29d9aeb6105970b06.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\25eb3f7a6c5b8ee2a004fc74c06e087d.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\368340c3e4ac2a81ac1bfcf20604fbe2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\41ea5accb04136001355aca7b70124f4.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\466c01f26fcc8853fb81b6721bba4d13.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\5e1711297f2ded34181e20f9f8837c1c.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\6273034e0a8bff85e9b3feef73f54da5.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8ba71a8e45ae21e6ebbab0d6c5b0e667.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8ec0828108316860e394217a63214e84.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\95d5828b0ec4ba26d7295abab22a9808.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\9d76436f5894498ea89bd907f06080c0.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\abdb8f7d474197e963eae3d844bb0bd8.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\bc7baebcb212348e4772b69133267875.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\ce1ae12f655e919ec6909b973229b7fc.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\de83dbbe45aeaf376519c64a7d21f3b9.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\e8463f2cdc5713fe1cb7a497bd234d99.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\f5829dc70d9a8f871d631698af86df4b.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\f84f2be286912063258b7b3bfe568ba2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\installer.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\defaults\preferences\prefs.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\manifest.xml, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins.json, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\102.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\13.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\14.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\16.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\17.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\180.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\184.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\192.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\193.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\195.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\200.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\220.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\221.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\223.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\226.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\230.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\233.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\242.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\246.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\253.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\262.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\263.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\273.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\281.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\288.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\301.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\337.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\345.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\350.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\354.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\373.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\4.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\47.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\64.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\7.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\78.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\9.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\background.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\extension.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\locale\en-US\translations.dtd, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button1.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button2.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button3.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button4.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button5.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\crossrider_statusbar.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon128.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon16.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon24.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon48.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\panelarrow-up.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\popup.html, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\skin.css, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\update.css, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\ApiHandlr.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\FiddlerCore.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\InternetEnhancer.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\InternetEnhancerService.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\makecert.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\Newtonsoft.Json.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\wie, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Emily (administrator) on EMILY-PC on 09-02-2015 18:58:25
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
() C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-09] (Microsoft Corporation)
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}\setup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07]
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry.
The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH) S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X] S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X] S0 rjaty; System32\drivers\imofugc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\Users\Emily\Desktop\mbam.txt 2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\mbam.txt 2015-02-09 18:19 - 2015-02-09 18:19 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-09 18:19 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-09 18:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-09 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\Windows\system32\SPReview 2015-02-08 20:58 - 2015-02-08 20:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Emily\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-08 20:43 - 2015-02-08 20:43 - 00051874 _____ () C:\Users\Emily\Desktop\AdwCleaner[S0].txt 2015-02-08 20:16 - 2015-02-08 20:19 - 00000000 ____D () C:\AdwCleaner 2015-02-08 20:15 - 2015-02-08 20:15 - 02112512 _____ () C:\Users\Emily\Desktop\AdwCleaner_4.110.exe 2015-02-08 20:05 - 2015-02-08 20:05 - 00001230 _____ () C:\Users\Emily\Desktop\Revo Uninstaller.lnk 2015-02-08 12:37 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-08 12:36 - 2015-02-08 12:39 - 00039945 _____ () C:\Users\Emily\Desktop\FRST.txt 2015-02-08 12:33 - 2015-02-09 18:31 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4} 2015-02-08 12:33 - 2015-02-09 18:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38 2015-02-08 12:32 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5 2015-02-07 19:09 - 2015-02-07 19:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Emily\Desktop\tdsskiller.exe 2015-02-07 17:29 - 2015-02-09 18:33 - 00114904 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 17:29 - 2015-02-09 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 17:29 - 2015-02-08 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-07 17:27 - 2015-02-07 19:47 - 00000000 ____D () C:\Users\Emily\Desktop\mbar 2015-02-07 17:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-07 17:24 - 2015-02-07 17:24 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Emily\Desktop\mbar-1.08.3.1004.exe 2015-02-07 12:21 - 2015-02-07 12:21 - 00158779 _____ () C:\Users\Emily\Desktop\Combofix.txt 2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt 2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp 2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox 2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt 2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe 2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi 
Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys 2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP 2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump 2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp 2015-02-06 22:48 - 2015-02-06 22:48 - 00003003 _____ () C:\Users\Emily\Desktop\gmer.txt 2015-02-06 22:34 - 2015-02-06 22:34 - 00043603 _____ () C:\Users\Emily\Desktop\Addition.txt 2015-02-06 22:33 - 2015-02-09 18:58 - 00000000 ____D () C:\FRST 2015-02-06 22:32 - 2015-02-08 20:19 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme 2015-02-06 22:30 - 2015-02-06 22:30 - 00000472 _____ () C:\Users\Emily\Desktop\defogger_disable.log 2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable 2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8 2015-02-06 19:58 - 2015-02-09 18:58 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme 2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:52 - 2015-02-06 19:52 - 00009736 ____N () C:\bootsqm.dat 2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000 2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} 2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-09 18:40 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-09 18:40 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-09 18:37 - 2011-04-28 20:27 - 01929830 _____ () C:\Windows\WindowsUpdate.log 2015-02-09 18:35 - 2013-11-15 17:17 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-09 18:34 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype 2015-02-09 18:34 - 2011-05-20 12:37 - 00120360 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-09 18:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-09 18:32 - 2009-07-14 05:39 - 00089034 _____ () C:\Windows\setupact.log 2015-02-09 18:32 - 2009-07-14 05:33 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-09 18:31 - 2010-07-07 19:31 - 00123406 _____ () C:\Windows\PFRO.log 2015-02-09 18:22 - 2013-10-07 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-09 17:58 - 2011-05-20 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-09 17:41 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-08 20:26 - 2013-10-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-08 20:26 - 2013-10-07 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-08 20:19 - 2013-05-05 14:39 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-08 20:02 - 2013-09-28 16:08 - 00000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG 2015-02-08 12:32 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization 2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () 
C:\Users\Emily\AppData\Roaming\Qaoxxie 2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed 2015-02-07 12:07 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox 2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak 2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak 2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak 2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0 2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft 2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media 2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie 2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-02-06 22:58 - 
2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills 2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend 2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios 2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek 2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media 2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache 2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios 2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink 2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack 2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily 2015-02-06 22:00 - 2014-05-02 15:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp ==================== Files in the root of some directories ======= 2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png 2013-09-28 16:08 - 2015-02-08 20:02 - 0000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG 2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT 2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg 2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () 
C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}
Some content of TEMP: ====================
C:\Users\Emily\AppData\Local\temp\optprosetup.exe
C:\Users\Emily\AppData\Local\temp\Quarantine.exe
C:\Users\Emily\AppData\Local\temp\setup.exe
C:\Users\Emily\AppData\Local\temp\sqlite3.dll
C:\Users\Emily\AppData\Local\temp\uninst1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-30 06:23
==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
(continued on page 2!)
Last edited by Nailimixam (09.02.2015 at 20:20) |
09.02.2015, 20:17 | #11 |
| Win 7: Black screen after starting the computer
and Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015 Ran by Emily at 2015-02-09 18:59:04 Running from C:\Users\Emily\Desktop\AntiVirus Programme Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated) Angry Birds Rio (HKLM\...\{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}) (Version: 1.4.2 - Rovio) Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden Disney Rapunzel (HKLM\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios) EG21 Vokabelkartei interaktiv 1 (HKLM\...\{A036DB99-B62F-4110-8D87-9DF0D6DC4022}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) EG21 Vokabelkartei interaktiv 2 (HKLM\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Euro Truck Simulator 2 (HKLM\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.2 - SCS Software) Fessie 1.01 (HKLM\...\Fessie) (Version: 1.01 - Connecta AG) Globy (HKLM\...\Globy) (Version: - ) Google Talk Plugin 
(HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden HyperBalloidCE (HKLM\...\HyperBalloidCE) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.) Lernspaß 4 (HKLM\...\{F932A61A-4FAD-4390-8163-AB50F5FDE61B}) (Version: 1.00.0000 - Terzio Verlag) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) 
Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Monster Training Einmaleins (HKLM\...\{5F87EF36-A373-11D5-AA2E-0008C760B784}) (Version: - ) Mozilla Firefox 29.0.1 
(x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mysteryville 2 (HKLM\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) Ottifanten Ostfriesen Lemminge in Not (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Ottifanten Ostfriesen Lemminge in Not) (Version: V1.000000 - ) Pearl Poppers (HKLM\...\Pearl Poppers) (Version: - ) ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) The Great Mahjongg (HKLM\...\The Great Mahjongg) (Version: - ) TV Jukebox 3.0 (HKLM\...\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}) (Version: 3.00.000 - Meta Media Inc) Versteckt - Entdeckt! Fantasy (HKLM\...\{FD2A02A5-C285-11DC-AA69-00E07DDCAF19}) (Version: 1.00.0000 - Terzio Verlag) Virtual DJ Toolbar (HKLM\...\{56444A00-6A76-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4331 - APN, LLC) VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions) Vokabelkartei interaktiv À plus! 1 (HKLM\...\{C7BD31A9-B17E-4125-8AE6-217C1FF8BE10}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 09-02-2015 17:52:41 Windows 7 Service Pack 1 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2015-02-07 11:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {091F344D-E5A6-40D2-B9C6-98AD2E6CDC50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001UA => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe Task: {13807DC3-5338-4132-84C1-05A3EB4BE663} - System32\Tasks\{E0FF7EA4-B9D4-41E6-AD9E-7E276684870D} => Firefox.exe Task: {31F7DA48-CCA9-463C-90DC-C85A98190360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {35B0D312-4D59-4C8C-976E-7C0D5D88EBD0} - System32\Tasks\{1FD47CF6-8F71-479D-99D6-0872FB2552A0} => Firefox.exe Task: {48953138-6F84-4657-937E-E7C0BA169CC1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {496AC240-80AF-447B-BCD7-E913C55B1BA5} - System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => pcalua.exe -a C:\Users\Emily\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=tugs <==== ATTENTION Task: {733E8250-2532-4C70-A3DF-36E8FC0F1605} - System32\Tasks\{7A1D3718-8647-4D69-A2DC-E4EE9D091E84} => pcalua.exe -a C:\Windows\unin0407.exe -c -f"C:\Program Files\LEGO Media\Games\LEGO Schach\DeIsL1.isu" Task: {B9410FCF-FACF-4ECF-AF3B-F3D70AA17553} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {C608BD0D-3ABC-4E57-8A2B-65D8E95EF791} - System32\Tasks\{1FAF4A1B-0C2D-4ABB-812E-78E6585C27EC} => Firefox.exe Task: {D5F6E2C0-B410-40F2-A544-0698068D997D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001Core => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => 
C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION Task: {FAC5AEDC-E380-4246-8289-273225370801} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-28 20:41 - 2006-12-26 17:08 - 00053248 _____ () C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe 2013-11-15 20:10 - 2013-11-15 20:10 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll 2010-08-09 13:36 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-07-16 18:30 - 2014-07-16 18:31 - 03839088 _____ () C:\Program Files\mozilla firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2221341230-3600195835-1468495209-500 - Administrator - Disabled) Emily (S-1-5-21-2221341230-3600195835-1468495209-1001 - Administrator - Enabled) => C:\Users\Emily Gast (S-1-5-21-2221341230-3600195835-1468495209-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2221341230-3600195835-1468495209-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-2221341230-3600195835-1468495209-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 73852964 Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 73852964 Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2012 Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2012 Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than 
a second Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1014 Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/08/2015 08:19:15 PM) (Source: scores) (EventID: 0) (User: ) Description: Service failed on stop: 301: Interrupted. System errors: ============= Error: (02/09/2015 06:32:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rjaty Error: (02/09/2015 05:56:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007371b fehlgeschlagen: Windows 7 Service Pack 1 (KB976932) Error: (02/08/2015 08:21:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rjaty Error: (02/08/2015 08:21:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "X10 Device Network Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/08/2015 08:21:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst X10 Device Network Service erreicht. Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Optimizer Pro Crash Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office Sessions: ========================= Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 73852964 Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 73852964 Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2012 Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2012 Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1014 Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/08/2015 08:19:15 PM) (Source: scores) (EventID: 0) (User: ) Description: Service failed on stop: 301: Interrupted. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 44% Total physical RAM: 3253.42 MB Available physical RAM: 1803.73 MB Total Pagefile: 6505.12 MB Available Pagefile: 4686.38 MB Total Virtual: 2047.88 MB Available Virtual: 1901.27 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:522.66 GB) NTFS Drive d: (Recover) (Fixed) (Total:30 GB) (Free:9.61 GB) NTFS Drive e: (22 Jul 2014) (CDROM) (Total:4.38 GB) (Free:2.51 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
10.02.2015, 19:31 | #12 |
/// Malwareteam | Win 7: Black screen after starting the computer

OK, that already looks almost good again. You should see significantly fewer ads when you open your browsers.

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
ATTFilter
S2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] ()
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07]
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S0 rjaty; System32\drivers\imofugc.sys [X]
2015-02-08 12:33 - 2015-02-09 18:31 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}
2015-02-08 12:33 - 2015-02-09 18:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38
2015-02-08 12:32 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5
2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie
2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed
Task: {496AC240-80AF-447B-BCD7-E913C55B1BA5} - System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => pcalua.exe -a C:\Users\Emily\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
ESET Online Scanner

Step 3
Run FRST once more.

Do you still have any problems to report now (e.g. ads in browsers, firewall won't start, ...)? Post the following log files in your next reply:
__________________ Regards, Jonas |
11.02.2015, 17:47 | #13 |
| Win 7: Black screen after starting the computer Hey Jonas, No, there are currently no problems at all anymore! Thanks a lot for that. Here are the logs: fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 01 Ran by Emily at 2015-02-11 16:13:38 Run:1 Running from C:\Users\Emily\Desktop\AntiVirus Programme Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily) Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] () Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15] FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07] S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X] S0 rjaty; System32\drivers\imofugc.sys [X] 2015-02-08 12:33 - 2015-02-09 18:31 - 00000000 ____D () 
C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4} 2015-02-08 12:33 - 2015-02-09 18:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38 2015-02-08 12:32 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5 2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie 2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed Task: {496AC240-80AF-447B-BCD7-E913C55B1BA5} - System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => pcalua.exe -a C:\Users\Emily\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=tugs <==== ATTENTION Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:373E1720 ***************** 8df1bcd0 => Service deleted successfully. C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk => Moved successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully. HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 => Moved successfully. C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com => Moved successfully. cbbjpzjo => Service deleted successfully. rjaty => Service deleted successfully. C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4} => Moved successfully. C:\Program Files\Optimizer Pro 3.38 => Moved successfully. C:\Users\Public\E3B468852C874837A8B554A1FA9071D5 => Moved successfully. C:\Users\Emily\AppData\Roaming\Qaoxxie => Moved successfully. C:\ProgramData\AqjiJzed => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{496AC240-80AF-447B-BCD7-E913C55B1BA5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{496AC240-80AF-447B-BCD7-E913C55B1BA5}" => Key deleted successfully. C:\Windows\System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5BA07E2-72EE-4258-8F67-2171E541A678}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5BA07E2-72EE-4258-8F67-2171E541A678}" => Key deleted successfully. C:\Windows\System32\Tasks\Security Center Update - 2034009945 => Moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2034009945" => Key deleted successfully. C:\ProgramData\Temp => ":373E1720" ADS removed successfully. The system needed a reboot. ==== End of Fixlog 16:13:39 ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=b536ee049e85c345970e34fecae58421 # engine=22422 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-11 04:41:33 # local_time=2015-02-11 05:41:33 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 8709 175304084 0 0 # scanned=153984 # found=220 # cleaned=0 # scan_time=3243 sh=1D35C5005E8B2CBE463BE8840D8B519BCBDAEE3D ft=1 fh=57608bffe13529a4 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2221341230-3600195835-1468495209-1001\$R6WE68G\_Setupx.dll" sh=AA8FF80CB504D6C7CD680D0F098A3896E680A8E9 ft=1 fh=4fc511e7f3924f0b vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir" sh=AA8FF80CB504D6C7CD680D0F098A3896E680A8E9 ft=1 fh=4fc511e7f3924f0b vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir" sh=D5639EC96BB23E91CCC655C4E765797930866676 ft=1 fh=611e9e9c9165914e vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir" sh=AA8FF80CB504D6C7CD680D0F098A3896E680A8E9 ft=1 fh=4fc511e7f3924f0b vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir" sh=609D8E76D3CC9811543AE9FF60C99FA238755DEB ft=1 fh=ae6efe48edf4869d vn="Variante von Win32/DealPly.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir" sh=FEC645D6BF74FD011FA9EE2075478E9E059B3EEF ft=1 fh=258f8231b82cc0cb vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir" sh=E59C40DBDFFBFC64CB01080F85ADB47515919AAD ft=1 fh=25b1bb1ca23e3ee4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=61999ADB14A580A2D965FB8E6AA0AC31B61CF3C1 ft=1 fh=54b10837e69fea4a vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir" sh=7589639BBD0B6B0B2A054F7DFDBA593FD29024C8 ft=1 fh=695860d343b88911 vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir" sh=9C2787DC9E576D2E41708DE8C1BEB33DEB15D61E ft=1 fh=c7caabdcdebc939d vn="Variante von Win32/Toolbar.CrossRider.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe.vir" sh=8D57ED223372029604A58E28A836C2C8C2E9704A ft=1 fh=7d230d90e957aef6 vn="Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe.vir" sh=FD00BCA35C8591EF1E845A20D483DED135151FDF ft=1 fh=b7c4b1882a9d9679 vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe.vir" sh=8D57ED223372029604A58E28A836C2C8C2E9704A ft=1 fh=7d230d90e957aef6 vn="Variante von Win32/Toolbar.CrossRider.AK evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\103_intext_5_m.js.vir" sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\105_corticas_m.js.vir" sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\108_icm_m.js.vir" sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir" sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\120_luck_m.js.vir" sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir" sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\125_arcadi2_m.js.vir" sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\126_revizer_ws_m.js.vir" sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\127_revizer_p_m.js.vir" sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\128_superfish_pricora_m.js.vir" sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\135_arcadi3_m.js.vir" sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\138_getdeal_m.js.vir" sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir" sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\142_intext_fa_m.js.vir" sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\155_ibario_pops_m.js.vir" sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir" sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\159_cortica_rollover_m.js.vir" sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir" sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir" sh=E2AAC0A6807AABEFDD15388FE0DF40EDD826084E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\175_coolmirage_m.js.vir" sh=B78A18D3D82E3FB5057E12E1DB7FAD86C538E687 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir" sh=0541B9683E2C0FE8FA316A14FBFE39F8B6B25340 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=34C172F21F03BA75D0ECA4AB4687596BBE5963ED ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js.vir" sh=0E9341513B2301CFF2630A188567E0CDFEDE6DE2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\content\bg.js.vir" sh=745D9E2C15B9F297D137FE3B8C604B285303669A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\content\bg.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Torch\User 
Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" 
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir" sh=AA36B059945D6670093606079029A1D95535A8D2 ft=1 fh=1ff55921747a3893 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFYR4D6X\Setup[1].exe" sh=D87AFBC2EE869E294517FDA1D5B0756B1466B0DF ft=1 fh=5066bc0bb3c35ed5 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\23IX2TXH\setup[1].exe" sh=2B2E9BF5CEEC740AF537FAC859DAE71334295C53 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHL Trojaner" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LCV346O\8twy0q1cod[1].htm" sh=DC0F743421D79250BC0A46E0407FD9EACFC7CCFD ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NFT Trojaner" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9S8336K0\wmeuqn6lm8[1].htm" sh=AA36B059945D6670093606079029A1D95535A8D2 ft=1 fh=1ff55921747a3893 vn="Variante von Win32/InstallCore.PK evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\temp\nsv8CDD.tmp" sh=E5D7080471FFE7DB9DC0600FA01FC4AAB5C2B290 ft=1 fh=5f007986cda230ad vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\temp\optprosetup.exe" sh=4847D7866FD98E323B9D3F313E3C63BDEFB58708 ft=1 fh=3f72015d81b1b6a0 vn="Variante von Win32/SoftPulse.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\Downloads\Player.exe" sh=6BC17F637711C4EBF329BBD8FBA845C373A1C299 ft=1 fh=d95d4f54d0a56649 vn="Win32/Wajam.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63RKJ3WJ\wajam_update[1].066" sh=D9BC4A8300516B14ED7E084CFEDA4D9625C7726E ft=1 fh=f77004a6a7cc6f37 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71C9F72W\update-util[1].exe" sh=329A982A1B2E7D8BD3AEB7FECC339640F08032F4 ft=1 fh=a14a1a98964039e4 vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71C9F72W\WIE_2.23.2.8[1]" sh=D9BC4A8300516B14ED7E084CFEDA4D9625C7726E ft=1 fh=f77004a6a7cc6f37 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFOIG2L2\update-util[1].exe" FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 01
Ran by Emily (administrator) on EMILY-PC on 11-02-2015 17:43:36
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.)
C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe () C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.) HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] () HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-09] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default FF SearchEngineOrder.3: Bing FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: 
C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19] FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH) S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-11 16:19 - 2015-02-11 16:19 - 00000000 ____D () C:\Program Files\ESET 2015-02-11 16:18 - 2015-02-11 16:19 - 02347384 _____ (ESET) C:\Users\Emily\Downloads\esetsmartinstaller_deu.exe 2015-02-09 20:22 - 2015-02-09 20:22 - 00000000 ____D () C:\Windows\system32\SPReview 2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\mbam.txt 2015-02-09 18:19 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-09 18:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-09 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-08 20:43 - 2015-02-08 20:43 - 00051874 _____ () C:\Users\Emily\Desktop\AdwCleaner[S0].txt 2015-02-08 20:16 - 2015-02-08 20:19 - 00000000 ____D () C:\AdwCleaner 2015-02-08 12:37 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-07 17:29 - 2015-02-11 16:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 17:29 - 2015-02-09 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 17:29 - 2015-02-08 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-07 17:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt 2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp 2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox 2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 
_____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt 2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe 2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys 2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP 2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump 2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp 2015-02-06 22:33 - 2015-02-11 17:43 - 00000000 ____D () C:\FRST 2015-02-06 22:32 - 2015-02-08 20:19 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme 2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable 2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8 2015-02-06 19:58 - 2015-02-11 17:43 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme 2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000 2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} 2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-11 17:28 - 2011-04-28 20:27 - 01642680 _____ () C:\Windows\WindowsUpdate.log 2015-02-11 17:22 - 2013-10-07 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-11 16:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-11 16:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-11 16:16 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype 2015-02-11 16:14 - 2014-05-02 15:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-02-11 16:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-11 16:14 - 2009-07-14 05:39 - 00089146 _____ () C:\Windows\setupact.log 2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-02-11 15:52 - 2010-07-07 19:31 - 00123760 _____ () C:\Windows\PFRO.log 2015-02-09 19:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-02-09 18:35 - 2013-11-15 17:17 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-09 18:34 - 2011-05-20 12:37 - 00120360 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-09 18:32 - 2009-07-14 05:33 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-09 17:58 - 2011-05-20 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-09 17:41 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-08 20:26 - 2013-10-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-08 20:26 - 2013-10-07 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-08 20:19 - 2013-05-05 14:39 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-08 20:02 - 
2013-09-28 16:08 - 00000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG 2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization 2015-02-07 12:07 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox 2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak 2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak 2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak 2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0 2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft 2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media 2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie 2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema 2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () 
C:\Windows\registration 2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills 2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend 2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios 2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek 2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media 2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache 2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios 2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink 2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack 2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily 2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp ==================== Files in the root of some directories ======= 2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png 2013-09-28 16:08 - 2015-02-08 20:02 - 0000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG 2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT 2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg 2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} Some content of TEMP: ==================== 
C:\Users\Emily\AppData\Local\temp\optprosetup.exe
C:\Users\Emily\AppData\Local\temp\Quarantine.exe
C:\Users\Emily\AppData\Local\temp\setup.exe
C:\Users\Emily\AppData\Local\temp\sqlite3.dll
C:\Users\Emily\AppData\Local\temp\uninst1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-09 19:30
==================== End Of Log ============================
Regards, Nailimixam |
11.02.2015, 19:02 | #14 |
/// Malwareteam | Win 7: Black screen after starting the computer
Ok, this is starting to look almost good again. However, you have completely outdated programs, which pose a high security risk. So we will now bring your system back up to date.

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Emily\Downloads\Player.exe
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Install Service Pack 1 for Windows 7 following these instructions: Installing Windows 7 Service Pack 1 (SP1). Read through the instructions under Preparations and follow the steps under Installing SP1 using Windows Update (recommended).

Step 3
Please download Internet Explorer 11 and install it. Even if you do not use Internet Explorer as your primary browser, it is still important to keep it up to date.

Step 4
Now that your system components are up to date again, we will update some more programs and uninstall outdated versions:
Uninstalling outdated software
Windows XP: Start -> Control Panel -> select Category View (if not already set) -> Add or Remove Programs and select the listed programs. Click Remove (Windows XP) or Uninstall (Windows Vista/7/8).
Java Version 8 Update 31
Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
Adobe Reader Version XI (11.0.10)
Firefox 35.0.1
Go to Help -> "About Firefox" and let it check for the latest updates.

Step 5
Run FRST once more.
Post the following log files in your next reply:
__________________
Regards, Jonas |
12.02.2015, 17:36 | #15 |
| Win 7: Black screen after starting the computer
Hey Jonas, basically everything worked, only I could not update Windows because an error message appeared at the end of the installation every time. Because of that I also could not update Internet Explorer... Here are the two files:
Fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02
Ran by Emily at 2015-02-12 16:21:28 Run:2
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Emily\Downloads\Player.exe
EmptyTemp:
*****************
C:\Users\Emily\Downloads\Player.exe => Moved successfully.
EmptyTemp: => Removed 526.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:23:01 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02 Ran by Emily (administrator) on EMILY-PC on 12-02-2015 17:32:11 Running from C:\Users\Emily\Desktop\AntiVirus Programme Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe () C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) 
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.) HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-12] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program 
Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default FF SearchEngineOrder.3: Bing FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19] FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH) S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) 
[File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 17:29 - 2015-02-12 17:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-02-12 17:29 - 2015-02-12 17:29 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-02-12 17:29 - 2015-02-12 17:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-02-12 17:21 - 2015-02-12 17:22 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-12 17:21 - 2015-02-12 17:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-02-12 17:21 - 2015-02-12 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-12 17:21 - 2015-02-12 17:21 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-02-12 17:20 - 2015-02-12 17:20 - 00639912 _____ (Oracle Corporation) C:\Users\Emily\Downloads\jxpiinstall.exe 2015-02-12 17:15 - 2015-02-12 17:16 - 37059280 _____ (Microsoft Corporation) C:\Users\Emily\Downloads\IE11-Windows6.1-x86-de-de.exe 2015-02-12 16:46 - 2015-02-12 16:46 - 00000000 ____D () C:\Windows\system32\SPReview 2015-02-11 16:19 - 2015-02-11 16:19 - 00000000 ____D () C:\Program Files\ESET 2015-02-11 16:18 - 2015-02-11 16:19 - 02347384 _____ (ESET) 
C:\Users\Emily\Downloads\esetsmartinstaller_deu.exe 2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\mbam.txt 2015-02-09 18:19 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-09 18:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-09 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-08 20:16 - 2015-02-08 20:19 - 00000000 ____D () C:\AdwCleaner 2015-02-08 12:37 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-07 17:29 - 2015-02-12 16:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 17:29 - 2015-02-09 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 17:29 - 2015-02-08 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-07 17:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt 2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp 2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox 2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () 
C:\Windows\erdnt 2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe 2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe 2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys 2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP 2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump 2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp 2015-02-06 22:33 - 2015-02-12 17:32 - 00000000 ____D () C:\FRST 2015-02-06 22:32 - 2015-02-08 20:19 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme 2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable 2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8 2015-02-06 19:58 - 2015-02-12 17:32 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme 2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E} 2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000 2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0} 2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-12 17:31 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox
2015-02-12 17:29 - 2011-12-21 12:44 - 00000000 ____D () C:\Users\Emily\AppData\Local\Adobe
2015-02-12 17:29 - 2010-07-06 22:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 17:29 - 2010-07-06 22:27 - 00000000 ____D () C:\Program Files\Adobe
2015-02-12 17:22 - 2013-10-07 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 17:21 - 2010-07-09 16:52 - 00000000 ____D () C:\Program Files\Java
2015-02-12 17:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 17:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 17:16 - 2013-11-15 18:21 - 00002504 _____ () C:\Windows\IE11_main.log
2015-02-12 16:49 - 2011-04-28 20:27 - 01859574 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 16:25 - 2010-07-07 19:31 - 00124094 _____ () C:\Windows\PFRO.log
2015-02-12 16:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 16:25 - 2009-07-14 05:39 - 00089258 _____ () C:\Windows\setupact.log
2015-02-11 19:40 - 2013-11-15 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 19:40 - 2011-05-20 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 19:40 - 2010-07-06 22:03 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 19:40 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 16:16 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype
2015-02-11 16:14 - 2014-05-02 15:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-09 19:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-09 18:34 - 2011-05-20 12:37 - 00120360 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 18:32 - 2009-07-14 05:33 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 17:41 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 20:26 - 2013-10-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-08 20:26 - 2013-10-07 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-08 20:19 - 2013-05-05 14:39 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 20:02 - 2013-09-28 16:08 - 00000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak
2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0
2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft
2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie
2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills
2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend
2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media
2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache
2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios
2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack
2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily
2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp

==================== Files in the root of some directories =======

2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png
2013-09-28 16:08 - 2015-02-08 20:02 - 0000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT
2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-09 19:30

==================== End Of Log ============================

Regards,
Nailimixam