| |
| |||||||
Log-Analyse und Auswertung: Geräusche und Werbung laufen im Hintergrund.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.03.2015, 11:57
| #1 |
 |  Geräusche und Werbung laufen im Hintergrund. Hallo, auch mich hat es wohl erwischt. Bei Benutzung des Notebooks ertönt ab und an im Hintergrund Werbung oder so etwas die eine Dokumentation. Im Audiomixer wird der Internetexplorer als aktiv angezeigt. Obwohl das Programm nicht aktiv ist. In den Prozessen im Task Manager sind diese auch aktiv. Wenn ich diese Prozesse stoppe kommen Sie irgendwann wieder. Ich habe Avira Antivirus drauf, damit gescannt aber nichts gefunden. Könnt Ihr mir helfen? Grüße hbi17 FRST.TXT Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Horst (administrator) on CONTROL on 25-03-2015 11:19:15
Running from C:\Users\Horst\Downloads
Loaded Profiles: Horst (Available profiles: Horst & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrB.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Akamai Technologies, Inc.) C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Run: [Hoolapp Android] => "C:\Users\Horst\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Run: [Facebook Update] => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-04] (Facebook Inc.)
HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Run: [Wolf Team - Downloader] => C:\Users\Horst\Downloads\wolf team.exe auto
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> DefaultScope {BBAC3AB6-0FC6-4DDE-9CDC-8DC5C74EBB06} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss_gin2g&mntrId=F4CE0022FADBC93F
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {3017DF27-5E32-4317-8740-14DD077E9CAD} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=f4ced6d800000000000000242cbc6b4c&r=179
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187&q={searchTerms}
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {BBAC3AB6-0FC6-4DDE-9CDC-8DC5C74EBB06} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {CDC7C307-DCF2-456D-95AD-92C50F479D61} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C0C432D7-C101-4174-897A-BCD429ADB3F8&apn_sauid=CD79E393-D8E5-428D-865B-10B773D57AB2
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187
FireFox:
========
FF ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchUrl:
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: mystartsearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-143702537-521537602-2995010692-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\searchplugins\bingp.xml [2013-07-17]
FF SearchPlugin: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\searchplugins\softonic.xml [2013-11-08]
FF Extension: Avira Browser Safety - C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\Extensions\abs@avira.com [2015-03-10]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Program Files\SparPilot\sparpilot_8.xpi
FF Extension: SparPilot - Gutscheine & mehr... - C:\Program Files\SparPilot\sparpilot_8.xpi [2014-12-10]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187"
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Battlefield Heroes) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (The Walking Dead) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mldegbgicinanjcfknlopehddepkpial [2014-07-20]
CHR Extension: (BrowseToolE0191) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Steel Clash) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlndclfdjfdbdgkjghpmkahffaghldh [2014-07-20]
CHR Extension: (Battlefield Play4Free) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-06-10]
CHR Extension: (Battlefield 3) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni [2014-07-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Horst\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2012-12-01]
CHR HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Horst\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2012-12-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [282104 2014-07-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-02-04] (Avira Operations GmbH & Co. KG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-02-04] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 11:19 - 2015-03-25 11:19 - 00014294 _____ () C:\Users\Horst\Downloads\FRST.txt
2015-03-25 11:19 - 2015-03-25 11:19 - 00000000 ____D () C:\FRST
2015-03-25 11:16 - 2015-03-25 11:16 - 00380416 _____ () C:\Users\Horst\Downloads\Gmer-19357.exe
2015-03-24 21:47 - 2015-03-24 21:47 - 00050994 _____ () C:\Users\Horst\AVSCAN-20150324-173027-9281AE55.LOG
2015-03-24 17:28 - 2015-03-24 17:28 - 01135104 _____ (Farbar) C:\Users\Horst\Downloads\FRST.exe
2015-03-24 17:27 - 2015-03-24 17:27 - 00000472 _____ () C:\Users\Horst\Downloads\defogger_disable.log
2015-03-24 17:27 - 2015-03-24 17:27 - 00000000 _____ () C:\Users\Horst\defogger_reenable
2015-03-24 17:25 - 2015-03-24 17:25 - 00050477 _____ () C:\Users\Horst\Downloads\Defogger.exe
2015-03-24 17:09 - 2015-03-24 17:09 - 00168708 _____ () C:\Windows\PFRO.log
2015-03-24 17:06 - 2015-03-24 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-24 16:40 - 2015-03-24 16:40 - 00000000 ____D () C:\OETemp
2015-03-24 16:31 - 2015-03-24 16:31 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\uwmtrncm
2015-03-22 19:13 - 2015-03-22 19:13 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ljrtmhgs
2015-03-21 20:07 - 2015-03-21 20:07 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\jlwgqiga
2015-03-20 16:51 - 2015-03-20 16:51 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dkznjdkn
2015-03-19 20:26 - 2015-03-19 20:26 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\xxxcowcb
2015-03-17 17:08 - 2015-03-17 17:08 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\anapqudk
2015-03-17 13:47 - 2015-03-17 13:47 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\olpkvwvv
2015-03-16 17:06 - 2015-03-16 17:06 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\jsvsfryq
2015-03-16 16:43 - 2015-03-16 16:43 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\qawldwoc
2015-03-15 20:26 - 2015-03-25 10:03 - 00001344 _____ () C:\Windows\setupact.log
2015-03-15 20:26 - 2015-03-15 20:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 19:45 - 2015-03-15 19:45 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\fitkpcsr
2015-03-13 20:28 - 2015-03-13 20:28 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\envwamoi
2015-03-11 08:43 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:43 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:43 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:43 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:43 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:43 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:43 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:43 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:43 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:43 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:43 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:43 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:43 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:43 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:43 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:43 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:43 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:43 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:43 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:43 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:43 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:43 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:43 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:43 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:43 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:43 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:43 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:43 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:43 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:43 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:43 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:43 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:43 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:43 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:41 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:41 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:41 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:41 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:41 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:41 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:41 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:41 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:41 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:41 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:41 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:41 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:41 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:41 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:41 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:41 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:40 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 08:40 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:40 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:40 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:40 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:40 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:40 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:40 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:40 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:40 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:40 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:40 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:40 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:40 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:40 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:40 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:40 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 08:40 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 22:52 - 2015-03-10 22:52 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dpzojlri
2015-03-10 07:46 - 2015-03-10 07:46 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\bofgqbau
2015-03-07 15:29 - 2015-03-07 15:29 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dlqjfxpy
2015-03-01 10:09 - 2015-03-01 10:09 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\cveopnbf
2015-03-01 10:03 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-28 22:20 - 2015-02-28 22:20 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\fyggtkvz
2015-02-24 15:13 - 2015-02-24 15:13 - 04196968 _____ (Piriform Ltd) C:\Users\Horst\Downloads\ccsetup502_slim.exe
2015-02-23 17:12 - 2015-02-23 17:12 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\nlvsjqyi
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 11:17 - 2013-05-15 09:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 11:04 - 2012-07-17 00:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 11:00 - 2013-05-09 10:00 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-25 10:59 - 2013-07-29 16:59 - 00000292 _____ () C:\Windows\Tasks\DigitalSite.job
2015-03-25 10:13 - 2011-08-25 12:43 - 01319464 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 10:11 - 2009-07-14 05:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 10:11 - 2009-07-14 05:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 10:03 - 2013-05-15 09:49 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 10:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 10:02 - 2013-05-09 10:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-24 21:47 - 2011-08-25 12:47 - 00000000 ____D () C:\Users\Horst
2015-03-24 21:04 - 2013-12-04 17:59 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA.job
2015-03-24 20:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-24 18:04 - 2013-12-04 17:59 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core.job
2015-03-24 16:55 - 2015-01-20 19:10 - 00000000 ___HD () C:\$Windows.~BT
2015-03-24 16:46 - 2014-10-26 20:09 - 00000000 ____D () C:\Program Files\WarThunder
2015-03-24 16:45 - 2014-07-14 13:57 - 00000000 ____D () C:\Users\Horst\Steam
2015-03-24 16:45 - 2014-03-15 13:58 - 00000000 ____D () C:\Users\Horst\AppData\Local\Unity
2015-03-24 16:40 - 2015-02-14 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-24 16:40 - 2015-02-14 20:00 - 00000000 ____D () C:\ProgramData\Avira
2015-03-24 16:40 - 2015-02-14 20:00 - 00000000 ____D () C:\Program Files\Avira
2015-03-24 16:40 - 2014-08-06 10:51 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 16:39 - 2014-06-10 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-03-24 16:39 - 2014-05-30 07:38 - 00000000 ____D () C:\Program Files\Origin
2015-03-24 16:38 - 2014-05-30 07:38 - 00000000 ____D () C:\ProgramData\Origin
2015-03-24 16:37 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 16:34 - 2011-08-25 13:39 - 00000000 ____D () C:\Windows\Panther
2015-03-23 15:46 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Avira
2015-03-21 19:36 - 2013-05-15 09:50 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 14:41 - 2014-01-17 18:17 - 02346993 _____ () C:\Users\Horst\Downloads\TechnicLauncher (1).exe
2015-03-13 14:40 - 2014-01-14 13:59 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\.technic
2015-03-12 08:24 - 2009-07-14 05:33 - 00280264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-12 08:15 - 2013-08-15 13:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:05 - 2011-08-25 13:08 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 16:09 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2014-06-10 18:45 - 2014-07-11 11:22 - 0138056 _____ () C:\Users\Horst\AppData\Roaming\PnkBstrK.sys
2013-07-29 17:59 - 2014-10-23 12:24 - 0000089 _____ () C:\Users\Horst\AppData\Roaming\WB.CFG
2013-07-31 13:19 - 2014-01-03 05:40 - 0000005 _____ () C:\Users\Horst\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-29 17:59 - 2014-01-31 02:41 - 0000005 _____ () C:\Users\Horst\AppData\Roaming\WBPU-TTL.DAT
Files to move or delete:
====================
C:\Users\Horst\jagex_cl_runescape_LIVE.dat
C:\Users\Horst\libeay32.dll
C:\Users\Horst\msvcp110.dll
C:\Users\Horst\msvcr110.dll
C:\Users\Horst\Qt5Core.dll
C:\Users\Horst\Qt5Gui.dll
C:\Users\Horst\Qt5Network.dll
C:\Users\Horst\Qt5Sql.dll
C:\Users\Horst\Qt5Widgets.dll
C:\Users\Horst\quazip.dll
C:\Users\Horst\ssleay32.dll
Some content of TEMP:
====================
C:\Users\Horst\AppData\Local\Temp\avgnt.exe
C:\Users\Horst\AppData\Local\Temp\tmd_34012077.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-25 10:24
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Horst at 2015-03-25 11:20:16
Running from C:\Users\Horst\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.502 - Avira Operations GmbH & Co. KG)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 5.7.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
Update for Image Editor (HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\DSite) (Version: - ) <==== ATTENTION
Update for Zip Opener (HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\DigitalSite) (Version: - ) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Horst\AppData\Roaming\uwmtrncm\colers.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Horst\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Horst\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Horst\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Horst\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
16-03-2015 16:45:09 Windows Update
20-03-2015 16:51:13 Windows Update
24-03-2015 16:31:32 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1AF57493-ECC1-4C3F-8EB2-3F7529998F96} - System32\Tasks\{B01BF3FE-4D0F-4012-983E-3E80F9C32263} => pcalua.exe -a C:\Users\Horst\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {1B389032-6FC5-42BD-9D73-DA10B563CDE0} - System32\Tasks\{6369C025-2599-425D-B9D6-25CC92766567} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.2.0.106/pl/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {5CCB3FEF-2502-47EA-BC23-98355F6D4773} - System32\Tasks\Your File Updater => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {630A5B52-A9BD-4F3D-961A-120248423B1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {67968E66-C705-45EE-AB61-FD2D9FAB1EA7} - System32\Tasks\DealPly => C:\Users\Horst\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {69661425-A3BE-4F94-9485-A7C8965EB2ED} - System32\Tasks\DSite => C:\Users\Horst\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {738683E1-6ECD-45E0-B67E-3265F1BFEB0F} - System32\Tasks\DigitalSite => C:\Users\Horst\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {85DCA914-DC7D-4671-B605-7BB3F7C23267} - System32\Tasks\MySearchDial => C:\Users\Horst\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8615A9B1-2A18-4AEF-8C91-F2F9C1E6E9E3} - System32\Tasks\Hoolapp For Android => C:\Users\Horst\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9579F568-C4BB-41A6-B8E7-F7F9D2ED0599} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {AFABA366-ADEB-4832-AA39-DAC4A9870B4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {B76CD957-9487-4D14-97CC-F05CD1DE7B2D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-04] (Facebook Inc.)
Task: {D2089729-833A-44ED-B915-1F0A2856741D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-04] (Facebook Inc.)
Task: {D352507E-69E0-4D7A-BD71-02459DE12F74} - System32\Tasks\Hoolapp Init => C:\Users\Horst\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION
Task: {DE87EC71-49C8-4744-92ED-A1913D41B0C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2F58399-BDE2-4B05-87F1-9040F156B795} - System32\Tasks\QtraxPlayer => 453160056.portal.qtrax.com
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Horst\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Horst\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core.job => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA.job => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Horst\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2014-06-10 18:45 - 2014-07-11 18:16 - 00282104 _____ () C:\Windows\system32\PnkBstrB.exe
2015-03-24 16:31 - 2015-03-24 16:31 - 00133120 _____ () C:\Users\Horst\AppData\Roaming\uwmtrncm\colers.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-143702537-521537602-2995010692-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Horst\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSSE => "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
==================== Accounts: =============================
Administrator (S-1-5-21-143702537-521537602-2995010692-500 - Administrator - Disabled)
Gast (S-1-5-21-143702537-521537602-2995010692-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-143702537-521537602-2995010692-1002 - Limited - Enabled)
Horst (S-1-5-21-143702537-521537602-2995010692-1001 - Administrator - Enabled) => C:\Users\Horst
==================== Faulty Device Manager Devices =============
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Ericsson F3507g Mobile Broadband Minicard Composite Device
Description: Ericsson F3507g Mobile Broadband Minicard Composite Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/21/2015 09:07:50 PM) (Source: Google Update) (EventID: 20) (User: CONTROL)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/18/2015 02:15:00 PM) (Source: Google Update) (EventID: 20) (User: CONTROL)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/13/2015 00:56:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526
Name des fehlerhaften Moduls: Flash32_16_0_0_305.ocx, Version: 16.0.0.305, Zeitstempel: 0x54cff11b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001ffe43
ID des fehlerhaften Prozesses: 0xdb8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (03/11/2015 05:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017600
ID des fehlerhaften Prozesses: 0x7ac
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Error: (03/11/2015 08:02:43 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
Error: (03/09/2015 08:03:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17631, Zeitstempel: 0x54b31a70
Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17631, Zeitstempel: 0x54b31bc3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003218a
ID des fehlerhaften Prozesses: 0x880
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (03/09/2015 01:52:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17631, Zeitstempel: 0x54b31a70
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17631, Zeitstempel: 0x54b33039
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001e36c3
ID des fehlerhaften Prozesses: 0x111c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (03/01/2015 01:17:35 PM) (Source: Google Update) (EventID: 20) (User: CONTROL)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/01/2015 10:09:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SoftwareUpdate.exe, Version 2.1.3.127 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14c0
Startzeit: 01d053fdffc4c46c
Endzeit: 358
Anwendungspfad: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Berichts-ID: 5d37823b-bff2-11e4-b9d5-00242cbc6b4c
Error: (02/24/2015 07:22:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (03/25/2015 11:17:03 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 11:17:03 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 11:16:38 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 11:16:34 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 11:16:34 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 11:16:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 11:16:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (03/25/2015 10:07:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Technical Preview 9926
Error: (03/24/2015 05:11:05 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DFEA779F-AF48-4A0E-9AC9-8DD648A11A-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/24/2015 05:03:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0xc190010e fehlgeschlagen: Upgrade auf Windows 10 Technical Preview 9926
Microsoft Office Sessions:
=========================
Error: (03/21/2015 09:07:50 PM) (Source: Google Update) (EventID: 20) (User: CONTROL)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/18/2015 02:15:00 PM) (Source: Google Update) (EventID: 20) (User: CONTROL)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/13/2015 00:56:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1768954e68526Flash32_16_0_0_305.ocx16.0.0.30554cff11bc0000005001ffe43db801d05d1f121e9705C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_16_0_0_305.ocx7510d25b-c913-11e4-975e-00242cbc6b4c
Error: (03/11/2015 05:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff37940000015000176007ac01d05c0de207020cC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exec56c4650-c80e-11e4-9b87-00242cbc6b4c
Error: (03/11/2015 08:02:43 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
Error: (03/09/2015 08:03:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1763154b31a70urlmon.dll11.0.9600.1763154b31bc3c00000050003218a88001d05a97e088daabC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\urlmon.dll07936ab6-c68f-11e4-9b94-00242cbc6b4c
Error: (03/09/2015 01:52:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1763154b31a70MSHTML.dll11.0.9600.1763154b33039c0000005001e36c3111c01d05a643575dc09C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll15fbc400-c65b-11e4-a20e-00242cbc6b4c
Error: (03/01/2015 01:17:35 PM) (Source: Google Update) (EventID: 20) (User: CONTROL)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/01/2015 10:09:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftwareUpdate.exe2.1.3.12714c001d053fdffc4c46c358C:\Program Files\Apple Software Update\SoftwareUpdate.exe5d37823b-bff2-11e4-b9d5-00242cbc6b4c
Error: (02/24/2015 07:22:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\Horst\Steam\steamapps\common\Warframe\Warframe.x64.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3037.3 MB
Available physical RAM: 1725.27 MB
Total Pagefile: 6072.89 MB
Available Pagefile: 4356.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.46 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:115.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 119DBBCC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-25 11:44:42
Windows 6.1.7601 Service Pack 1
Running: Gmer-19357.exe; Driver: C:\Users\Horst\AppData\Local\Temp\kxldqpow.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cbc6b4c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cbc6b4c@308ccefb5a0d 0x1D 0x7D 0xD5 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cbc6b4c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cbc6b4c@308ccefb5a0d 0x1D 0x7D 0xD5 0xE0 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\20@TotalOccurrences 17836
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\20@OccurrencesLessThanOrEqualTo25ScaledTPI 805
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\20@OccurrencesLessThanOrEqualTo50ScaledTPI 206
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B541DE9C 802
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{FD7390CE-CF0E-11E0-8F42-806E6F6E6963} 9172382096
---- EOF - GMER 2.1 ----
|
|
25.03.2015, 12:00
| #2 |
| /// the machine /// TB-Ausbilder    | Geräusche und Werbung laufen im Hintergrund. hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
25.03.2015, 13:26
| #3 |
| | Geräusche und Werbung laufen im Hintergrund. Hallo, danke für die schnelle Antwort.
__________________habe die Schritte jetzt gemacht. Zwischendurch ist die Werbung wieder zu hören gewesen. MBAR Log Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.25.02
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Horst :: CONTROL [administrator]
25.03.2015 12:34:17
mbar-log-2015-03-25 (12-34-17).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 355533
Time elapsed: 21 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 13:01:26.0907 0x10e4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:01:31.0531 0x10e4 ============================================================
13:01:31.0531 0x10e4 Current date / time: 2015/03/25 13:01:31.0531
13:01:31.0531 0x10e4 SystemInfo:
13:01:31.0531 0x10e4
13:01:31.0531 0x10e4 OS Version: 6.1.7601 ServicePack: 1.0
13:01:31.0531 0x10e4 Product type: Workstation
13:01:31.0531 0x10e4 ComputerName: CONTROL
13:01:31.0531 0x10e4 UserName: Horst
13:01:31.0531 0x10e4 Windows directory: C:\Windows
13:01:31.0531 0x10e4 System windows directory: C:\Windows
13:01:31.0531 0x10e4 Processor architecture: Intel x86
13:01:31.0531 0x10e4 Number of processors: 2
13:01:31.0531 0x10e4 Page size: 0x1000
13:01:31.0531 0x10e4 Boot type: Normal boot
13:01:31.0531 0x10e4 ============================================================
13:01:33.0997 0x10e4 KLMD registered as C:\Windows\system32\drivers\68715828.sys
13:01:34.0346 0x10e4 System UUID: {821B485D-7920-FC8D-0BBB-3959AFD12EBA}
13:01:35.0290 0x10e4 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:01:35.0291 0x10e4 ============================================================
13:01:35.0291 0x10e4 \Device\Harddisk0\DR0:
13:01:35.0291 0x10e4 MBR partitions:
13:01:35.0291 0x10e4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:01:35.0292 0x10e4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
13:01:35.0292 0x10e4 ============================================================
13:01:35.0315 0x10e4 C: <-> \Device\Harddisk0\DR0\Partition2
13:01:35.0315 0x10e4 ============================================================
13:01:35.0315 0x10e4 Initialize success
13:01:35.0315 0x10e4 ============================================================
13:02:14.0984 0x12e0 ============================================================
13:02:14.0984 0x12e0 Scan started
13:02:14.0984 0x12e0 Mode: Manual; SigCheck; TDLFS;
13:02:14.0984 0x12e0 ============================================================
13:02:14.0984 0x12e0 KSN ping started
13:02:28.0788 0x12e0 KSN ping finished: true
13:02:32.0130 0x12e0 ================ Scan system memory ========================
13:02:32.0130 0x12e0 System memory - ok
13:02:32.0130 0x12e0 ================ Scan services =============================
13:02:32.0342 0x12e0 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:02:32.0502 0x12e0 1394ohci - ok
13:02:32.0542 0x12e0 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:02:32.0572 0x12e0 ACPI - ok
13:02:32.0602 0x12e0 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:02:32.0692 0x12e0 AcpiPmi - ok
13:02:32.0822 0x12e0 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:02:32.0832 0x12e0 AdobeARMservice - ok
13:02:32.0892 0x12e0 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:02:32.0912 0x12e0 AdobeFlashPlayerUpdateSvc - ok
13:02:32.0972 0x12e0 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:02:33.0022 0x12e0 adp94xx - ok
13:02:33.0053 0x12e0 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:02:33.0074 0x12e0 adpahci - ok
13:02:33.0094 0x12e0 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:02:33.0134 0x12e0 adpu320 - ok
13:02:33.0194 0x12e0 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:02:33.0264 0x12e0 AeLookupSvc - ok
13:02:33.0344 0x12e0 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys
13:02:33.0444 0x12e0 AFD - ok
13:02:33.0484 0x12e0 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
13:02:33.0523 0x12e0 agp440 - ok
13:02:33.0566 0x12e0 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:02:33.0596 0x12e0 aic78xx - ok
13:02:33.0656 0x12e0 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
13:02:33.0716 0x12e0 ALG - ok
13:02:33.0836 0x12e0 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
13:02:33.0862 0x12e0 aliide - ok
13:02:33.0894 0x12e0 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:02:33.0908 0x12e0 amdagp - ok
13:02:33.0938 0x12e0 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
13:02:33.0955 0x12e0 amdide - ok
13:02:34.0000 0x12e0 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:02:34.0050 0x12e0 AmdK8 - ok
13:02:34.0070 0x12e0 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:02:34.0120 0x12e0 AmdPPM - ok
13:02:34.0170 0x12e0 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:02:34.0200 0x12e0 amdsata - ok
13:02:34.0231 0x12e0 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:02:34.0252 0x12e0 amdsbs - ok
13:02:34.0262 0x12e0 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:02:34.0282 0x12e0 amdxata - ok
13:02:34.0402 0x12e0 [ 62A6B0A393591878A1E00224EA698AD7, 691B6E248D0682477543455B67E85C768A4A53A92139E153320ED4E4CED1E010 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
13:02:34.0452 0x12e0 AntiVirMailService - ok
13:02:34.0552 0x12e0 [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:02:34.0572 0x12e0 AntiVirSchedulerService - ok
13:02:34.0632 0x12e0 [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:02:34.0652 0x12e0 AntiVirService - ok
13:02:34.0712 0x12e0 [ C7A60BDEE3AFF06F4BB1B16E53CA0EF0, 646A98809E41B4857512744BFDBD0C8E0E17EDCD95BC5C9915FCB0D41E469E20 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
13:02:34.0772 0x12e0 AntiVirWebService - ok
13:02:34.0822 0x12e0 [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID C:\Windows\system32\drivers\appid.sys
13:02:34.0882 0x12e0 AppID - ok
13:02:34.0922 0x12e0 [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:02:34.0962 0x12e0 AppIDSvc - ok
13:02:35.0002 0x12e0 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
13:02:35.0072 0x12e0 Appinfo - ok
13:02:35.0102 0x12e0 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:02:35.0122 0x12e0 arc - ok
13:02:35.0162 0x12e0 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:02:35.0172 0x12e0 arcsas - ok
13:02:35.0302 0x12e0 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:02:35.0322 0x12e0 aspnet_state - ok
13:02:35.0372 0x12e0 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:02:35.0544 0x12e0 AsyncMac - ok
13:02:35.0604 0x12e0 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
13:02:35.0624 0x12e0 atapi - ok
13:02:35.0734 0x12e0 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:02:35.0824 0x12e0 AudioEndpointBuilder - ok
13:02:35.0844 0x12e0 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:02:35.0874 0x12e0 Audiosrv - ok
13:02:35.0944 0x12e0 [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:02:35.0974 0x12e0 avgntflt - ok
13:02:36.0024 0x12e0 [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:02:36.0044 0x12e0 avipbb - ok
13:02:36.0064 0x12e0 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:02:36.0084 0x12e0 avkmgr - ok
13:02:36.0154 0x12e0 [ 3303FB85532093FC6723632B5947E8C4, F8301069A8EAD7303CAE5B7CAE3F119747E7B7B4402178018EB5254087238A42 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
13:02:36.0164 0x12e0 avnetflt - ok
13:02:36.0224 0x12e0 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:02:36.0294 0x12e0 AxInstSV - ok
13:02:36.0344 0x12e0 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:02:36.0424 0x12e0 b06bdrv - ok
13:02:36.0454 0x12e0 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:02:36.0504 0x12e0 b57nd60x - ok
13:02:36.0564 0x12e0 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
13:02:36.0594 0x12e0 BDESVC - ok
13:02:36.0614 0x12e0 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
13:02:36.0674 0x12e0 Beep - ok
13:02:36.0736 0x12e0 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
13:02:36.0806 0x12e0 BFE - ok
13:02:36.0876 0x12e0 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
13:02:37.0036 0x12e0 BITS - ok
13:02:37.0056 0x12e0 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:02:37.0076 0x12e0 blbdrive - ok
13:02:37.0106 0x12e0 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:02:37.0166 0x12e0 bowser - ok
13:02:37.0196 0x12e0 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:02:37.0276 0x12e0 BrFiltLo - ok
13:02:37.0306 0x12e0 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:02:37.0336 0x12e0 BrFiltUp - ok
13:02:37.0376 0x12e0 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
13:02:37.0466 0x12e0 Browser - ok
13:02:37.0536 0x12e0 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:02:37.0646 0x12e0 Brserid - ok
13:02:37.0666 0x12e0 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:02:37.0716 0x12e0 BrSerWdm - ok
13:02:37.0743 0x12e0 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:02:37.0776 0x12e0 BrUsbMdm - ok
13:02:37.0788 0x12e0 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:02:37.0818 0x12e0 BrUsbSer - ok
13:02:37.0868 0x12e0 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
13:02:37.0950 0x12e0 BthEnum - ok
13:02:37.0970 0x12e0 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:02:38.0080 0x12e0 BTHMODEM - ok
13:02:38.0124 0x12e0 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:02:38.0441 0x12e0 BthPan - ok
13:02:38.0519 0x12e0 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
13:02:38.0631 0x12e0 BTHPORT - ok
13:02:38.0683 0x12e0 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
13:02:38.0753 0x12e0 bthserv - ok
13:02:38.0812 0x12e0 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
13:02:38.0842 0x12e0 BTHUSB - ok
13:02:38.0882 0x12e0 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:02:38.0942 0x12e0 cdfs - ok
13:02:39.0012 0x12e0 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:02:39.0052 0x12e0 cdrom - ok
13:02:39.0102 0x12e0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
13:02:39.0162 0x12e0 CertPropSvc - ok
13:02:39.0182 0x12e0 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:02:39.0222 0x12e0 circlass - ok
13:02:39.0272 0x12e0 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
13:02:39.0292 0x12e0 CLFS - ok
13:02:39.0372 0x12e0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:02:39.0392 0x12e0 clr_optimization_v2.0.50727_32 - ok
13:02:39.0434 0x12e0 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:02:39.0454 0x12e0 clr_optimization_v4.0.30319_32 - ok
13:02:39.0464 0x12e0 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:02:39.0506 0x12e0 CmBatt - ok
13:02:39.0556 0x12e0 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:02:39.0566 0x12e0 cmdide - ok
13:02:39.0616 0x12e0 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys
13:02:39.0666 0x12e0 CNG - ok
13:02:39.0686 0x12e0 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:02:39.0706 0x12e0 Compbatt - ok
13:02:39.0742 0x12e0 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:02:39.0778 0x12e0 CompositeBus - ok
13:02:39.0798 0x12e0 COMSysApp - ok
13:02:39.0830 0x12e0 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:02:39.0840 0x12e0 crcdisk - ok
13:02:39.0902 0x12e0 [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:02:39.0962 0x12e0 CryptSvc - ok
13:02:40.0037 0x12e0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
13:02:40.0094 0x12e0 DcomLaunch - ok
13:02:40.0137 0x12e0 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
13:02:40.0216 0x12e0 defragsvc - ok
13:02:40.0257 0x12e0 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:02:40.0353 0x12e0 DfsC - ok
13:02:40.0412 0x12e0 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:02:40.0470 0x12e0 Dhcp - ok
13:02:40.0511 0x12e0 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
13:02:40.0572 0x12e0 discache - ok
13:02:40.0604 0x12e0 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:02:40.0624 0x12e0 Disk - ok
13:02:40.0670 0x12e0 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:02:40.0734 0x12e0 Dnscache - ok
13:02:40.0774 0x12e0 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
13:02:40.0885 0x12e0 dot3svc - ok
13:02:40.0936 0x12e0 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
13:02:40.0996 0x12e0 DPS - ok
13:02:41.0046 0x12e0 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:02:41.0096 0x12e0 drmkaud - ok
13:02:41.0156 0x12e0 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:02:41.0216 0x12e0 DXGKrnl - ok
13:02:41.0236 0x12e0 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
13:02:41.0296 0x12e0 EapHost - ok
13:02:41.0446 0x12e0 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:02:41.0631 0x12e0 ebdrv - ok
13:02:41.0681 0x12e0 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] EFS C:\Windows\System32\lsass.exe
13:02:41.0721 0x12e0 EFS - ok
13:02:41.0813 0x12e0 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:02:41.0877 0x12e0 ehRecvr - ok
13:02:41.0905 0x12e0 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
13:02:41.0955 0x12e0 ehSched - ok
13:02:42.0025 0x12e0 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:02:42.0065 0x12e0 elxstor - ok
13:02:42.0097 0x12e0 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:02:42.0127 0x12e0 ErrDev - ok
13:02:42.0187 0x12e0 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
13:02:42.0232 0x12e0 EventSystem - ok
13:02:42.0252 0x12e0 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
13:02:42.0302 0x12e0 exfat - ok
13:02:42.0332 0x12e0 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:02:42.0382 0x12e0 fastfat - ok
13:02:42.0452 0x12e0 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
13:02:42.0532 0x12e0 Fax - ok
13:02:42.0552 0x12e0 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:02:42.0592 0x12e0 fdc - ok
13:02:42.0642 0x12e0 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
13:02:42.0732 0x12e0 fdPHost - ok
13:02:42.0752 0x12e0 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
13:02:42.0802 0x12e0 FDResPub - ok
13:02:42.0832 0x12e0 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:02:42.0852 0x12e0 FileInfo - ok
13:02:42.0862 0x12e0 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:02:42.0902 0x12e0 Filetrace - ok
13:02:42.0932 0x12e0 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:02:43.0004 0x12e0 flpydisk - ok
13:02:43.0054 0x12e0 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:02:43.0074 0x12e0 FltMgr - ok
13:02:43.0146 0x12e0 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
13:02:43.0246 0x12e0 FontCache - ok
13:02:43.0326 0x12e0 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:02:43.0346 0x12e0 FontCache3.0.0.0 - ok
13:02:43.0376 0x12e0 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:02:43.0406 0x12e0 FsDepends - ok
13:02:43.0435 0x12e0 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:02:43.0454 0x12e0 Fs_Rec - ok
13:02:43.0498 0x12e0 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:02:43.0528 0x12e0 fvevol - ok
13:02:43.0567 0x12e0 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:02:43.0580 0x12e0 gagp30kx - ok
13:02:43.0642 0x12e0 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
13:02:43.0726 0x12e0 gpsvc - ok
13:02:43.0816 0x12e0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:02:43.0837 0x12e0 gupdate - ok
13:02:43.0845 0x12e0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:02:43.0859 0x12e0 gupdatem - ok
13:02:43.0914 0x12e0 [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
13:02:43.0934 0x12e0 hamachi - ok
13:02:43.0984 0x12e0 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:02:44.0004 0x12e0 hcw85cir - ok
13:02:44.0054 0x12e0 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:02:44.0094 0x12e0 HdAudAddService - ok
13:02:44.0144 0x12e0 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:02:44.0184 0x12e0 HDAudBus - ok
13:02:44.0214 0x12e0 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:02:44.0244 0x12e0 HidBatt - ok
13:02:44.0264 0x12e0 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:02:44.0284 0x12e0 HidBth - ok
13:02:44.0304 0x12e0 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:02:44.0344 0x12e0 HidIr - ok
13:02:44.0374 0x12e0 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
13:02:44.0434 0x12e0 hidserv - ok
13:02:44.0484 0x12e0 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:02:44.0534 0x12e0 HidUsb - ok
13:02:44.0574 0x12e0 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
13:02:44.0646 0x12e0 hkmsvc - ok
13:02:44.0686 0x12e0 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:02:44.0726 0x12e0 HomeGroupListener - ok
13:02:44.0766 0x12e0 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:02:44.0806 0x12e0 HomeGroupProvider - ok
13:02:44.0856 0x12e0 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:02:44.0866 0x12e0 HpSAMD - ok
13:02:44.0936 0x12e0 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:02:44.0996 0x12e0 HTTP - ok
13:02:45.0036 0x12e0 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:02:45.0056 0x12e0 hwpolicy - ok
13:02:45.0076 0x12e0 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:02:45.0118 0x12e0 i8042prt - ok
13:02:45.0158 0x12e0 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:02:45.0198 0x12e0 iaStorV - ok
13:02:45.0268 0x12e0 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:02:45.0348 0x12e0 idsvc - ok
13:02:45.0388 0x12e0 IEEtwCollectorService - ok
13:02:45.0758 0x12e0 [ DCE0B53570703CCE580D066F89EF58CD, C5C2C4F51F2DB2BB6E7F1218472AEAAD996514AB99EA84946A473CB7A64D9E15 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
13:02:46.0280 0x12e0 igfx - ok
13:02:46.0340 0x12e0 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:02:46.0350 0x12e0 iirsp - ok
13:02:46.0420 0x12e0 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
13:02:46.0480 0x12e0 IKEEXT - ok
13:02:46.0520 0x12e0 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
13:02:46.0530 0x12e0 intelide - ok
13:02:46.0550 0x12e0 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:02:46.0590 0x12e0 intelppm - ok
13:02:46.0620 0x12e0 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:02:46.0650 0x12e0 IPBusEnum - ok
13:02:46.0670 0x12e0 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:02:46.0700 0x12e0 IpFilterDriver - ok
13:02:46.0750 0x12e0 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:02:46.0830 0x12e0 iphlpsvc - ok
13:02:46.0870 0x12e0 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:02:46.0900 0x12e0 IPMIDRV - ok
13:02:46.0920 0x12e0 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:02:46.0970 0x12e0 IPNAT - ok
13:02:47.0010 0x12e0 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:02:47.0050 0x12e0 IRENUM - ok
13:02:47.0070 0x12e0 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:02:47.0090 0x12e0 isapnp - ok
13:02:47.0130 0x12e0 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:02:47.0150 0x12e0 iScsiPrt - ok
13:02:47.0190 0x12e0 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:02:47.0210 0x12e0 kbdclass - ok
13:02:47.0250 0x12e0 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:02:47.0270 0x12e0 kbdhid - ok
13:02:47.0300 0x12e0 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] KeyIso C:\Windows\system32\lsass.exe
13:02:47.0310 0x12e0 KeyIso - ok
13:02:47.0360 0x12e0 [ 4DAC97CF81FAE4B2988AEF0DF40D04AE, 5560304972693DE5D5B21CE010A76067FA5B64AD5968122EE9F8248B3EA4878E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:02:47.0370 0x12e0 KSecDD - ok
13:02:47.0420 0x12e0 [ 9EED5E0B7BF784C491C2289A09920BDA, 9E82EB777A01AB32EDA2AE0420546602A82C850D68D2C0AEDB4EA5ADEDF835E6 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:02:47.0440 0x12e0 KSecPkg - ok
13:02:47.0500 0x12e0 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:02:47.0580 0x12e0 KtmRm - ok
13:02:47.0630 0x12e0 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:02:47.0670 0x12e0 LanmanServer - ok
13:02:47.0720 0x12e0 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:02:47.0820 0x12e0 LanmanWorkstation - ok
13:02:47.0900 0x12e0 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:02:47.0950 0x12e0 lltdio - ok
13:02:47.0990 0x12e0 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:02:48.0030 0x12e0 lltdsvc - ok
13:02:48.0060 0x12e0 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:02:48.0090 0x12e0 lmhosts - ok
13:02:48.0120 0x12e0 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:02:48.0140 0x12e0 LSI_FC - ok
13:02:48.0160 0x12e0 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:02:48.0180 0x12e0 LSI_SAS - ok
13:02:48.0190 0x12e0 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:02:48.0200 0x12e0 LSI_SAS2 - ok
13:02:48.0230 0x12e0 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:02:48.0250 0x12e0 LSI_SCSI - ok
13:02:48.0270 0x12e0 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
13:02:48.0320 0x12e0 luafv - ok
13:02:48.0390 0x12e0 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:02:48.0410 0x12e0 Mcx2Svc - ok
13:02:48.0430 0x12e0 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:02:48.0450 0x12e0 megasas - ok
13:02:48.0480 0x12e0 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:02:48.0513 0x12e0 MegaSR - ok
13:02:48.0541 0x12e0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
13:02:48.0579 0x12e0 MMCSS - ok
13:02:48.0582 0x12e0 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
13:02:48.0642 0x12e0 Modem - ok
13:02:48.0692 0x12e0 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:02:48.0722 0x12e0 monitor - ok
13:02:48.0762 0x12e0 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:02:48.0782 0x12e0 mouclass - ok
13:02:48.0802 0x12e0 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:02:48.0832 0x12e0 mouhid - ok
13:02:48.0872 0x12e0 [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:02:48.0882 0x12e0 mountmgr - ok
13:02:48.0962 0x12e0 [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:02:48.0982 0x12e0 MozillaMaintenance - ok
13:02:49.0022 0x12e0 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
13:02:49.0042 0x12e0 mpio - ok
13:02:49.0062 0x12e0 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:02:49.0102 0x12e0 mpsdrv - ok
13:02:49.0144 0x12e0 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:02:49.0254 0x12e0 MpsSvc - ok
13:02:49.0304 0x12e0 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:02:49.0374 0x12e0 MRxDAV - ok
13:02:49.0424 0x12e0 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:02:49.0474 0x12e0 mrxsmb - ok
13:02:49.0524 0x12e0 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:02:49.0584 0x12e0 mrxsmb10 - ok
13:02:49.0654 0x12e0 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:02:49.0664 0x12e0 mrxsmb20 - ok
13:02:49.0714 0x12e0 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
13:02:49.0734 0x12e0 msahci - ok
13:02:49.0754 0x12e0 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:02:49.0785 0x12e0 msdsm - ok
13:02:49.0816 0x12e0 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
13:02:49.0836 0x12e0 MSDTC - ok
13:02:49.0876 0x12e0 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:02:49.0926 0x12e0 Msfs - ok
13:02:49.0956 0x12e0 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:02:50.0006 0x12e0 mshidkmdf - ok
13:02:50.0026 0x12e0 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:02:50.0046 0x12e0 msisadrv - ok
13:02:50.0086 0x12e0 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:02:50.0116 0x12e0 MSiSCSI - ok
13:02:50.0126 0x12e0 msiserver - ok
13:02:50.0146 0x12e0 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:02:50.0206 0x12e0 MSKSSRV - ok
13:02:50.0238 0x12e0 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:02:50.0268 0x12e0 MSPCLOCK - ok
13:02:50.0288 0x12e0 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:02:50.0328 0x12e0 MSPQM - ok
13:02:50.0358 0x12e0 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:02:50.0378 0x12e0 MsRPC - ok
13:02:50.0388 0x12e0 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:02:50.0408 0x12e0 mssmbios - ok
13:02:50.0428 0x12e0 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:02:50.0478 0x12e0 MSTEE - ok
13:02:50.0498 0x12e0 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:02:50.0538 0x12e0 MTConfig - ok
13:02:50.0568 0x12e0 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
13:02:50.0588 0x12e0 Mup - ok
13:02:50.0641 0x12e0 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
13:02:50.0700 0x12e0 napagent - ok
13:02:50.0740 0x12e0 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:02:50.0780 0x12e0 NativeWifiP - ok
13:02:50.0830 0x12e0 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:02:50.0890 0x12e0 NDIS - ok
13:02:50.0930 0x12e0 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:02:50.0980 0x12e0 NdisCap - ok
13:02:51.0010 0x12e0 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:02:51.0040 0x12e0 NdisTapi - ok
13:02:51.0080 0x12e0 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:02:51.0120 0x12e0 Ndisuio - ok
13:02:51.0170 0x12e0 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:02:51.0210 0x12e0 NdisWan - ok
13:02:51.0250 0x12e0 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:02:51.0300 0x12e0 NDProxy - ok
13:02:51.0320 0x12e0 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:02:51.0382 0x12e0 NetBIOS - ok
13:02:51.0422 0x12e0 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:02:51.0482 0x12e0 NetBT - ok
13:02:51.0514 0x12e0 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] Netlogon C:\Windows\system32\lsass.exe
13:02:51.0524 0x12e0 Netlogon - ok
13:02:51.0564 0x12e0 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
13:02:51.0614 0x12e0 Netman - ok
13:02:51.0664 0x12e0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:02:51.0684 0x12e0 NetMsmqActivator - ok
13:02:51.0714 0x12e0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:02:51.0734 0x12e0 NetPipeActivator - ok
13:02:51.0764 0x12e0 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
13:02:51.0834 0x12e0 netprofm - ok
13:02:51.0844 0x12e0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:02:51.0864 0x12e0 NetTcpActivator - ok
13:02:51.0874 0x12e0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:02:51.0894 0x12e0 NetTcpPortSharing - ok
13:02:52.0154 0x12e0 [ EF51B405AD8ACAAE6F0231290D20F516, 2BBD53127E1375E36590ECBA9DA6AAD133E850A90D5B5610DED99D37987CAADD ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
13:02:52.0516 0x12e0 NETw5s32 - ok
13:02:52.0718 0x12e0 [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
13:02:52.0940 0x12e0 netw5v32 - ok
13:02:53.0080 0x12e0 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:02:53.0160 0x12e0 nfrd960 - ok
13:02:53.0210 0x12e0 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:02:53.0270 0x12e0 NlaSvc - ok
13:02:53.0300 0x12e0 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:02:53.0350 0x12e0 Npfs - ok
13:02:53.0380 0x12e0 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
13:02:53.0420 0x12e0 nsi - ok
13:02:53.0440 0x12e0 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:02:53.0470 0x12e0 nsiproxy - ok
13:02:53.0562 0x12e0 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:02:53.0632 0x12e0 Ntfs - ok
13:02:53.0662 0x12e0 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
13:02:53.0702 0x12e0 Null - ok
13:02:53.0752 0x12e0 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:02:53.0772 0x12e0 nvraid - ok
13:02:53.0842 0x12e0 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:02:53.0862 0x12e0 nvstor - ok
13:02:53.0902 0x12e0 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:02:53.0922 0x12e0 nv_agp - ok
13:02:53.0942 0x12e0 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:02:53.0962 0x12e0 ohci1394 - ok
13:02:54.0012 0x12e0 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:02:54.0022 0x12e0 ose - ok
13:02:54.0062 0x12e0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:02:54.0112 0x12e0 p2pimsvc - ok
13:02:54.0152 0x12e0 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
13:02:54.0212 0x12e0 p2psvc - ok
13:02:54.0252 0x12e0 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:02:54.0282 0x12e0 Parport - ok
13:02:54.0312 0x12e0 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:02:54.0332 0x12e0 partmgr - ok
13:02:54.0352 0x12e0 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:02:54.0392 0x12e0 Parvdm - ok
13:02:54.0432 0x12e0 [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc C:\Windows\System32\pcasvc.dll
13:02:54.0472 0x12e0 PcaSvc - ok
13:02:54.0512 0x12e0 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
13:02:54.0532 0x12e0 pci - ok
13:02:54.0562 0x12e0 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
13:02:54.0582 0x12e0 pciide - ok
13:02:54.0602 0x12e0 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:02:54.0622 0x12e0 pcmcia - ok
13:02:54.0632 0x12e0 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
13:02:54.0652 0x12e0 pcw - ok
13:02:54.0692 0x12e0 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:02:54.0764 0x12e0 PEAUTH - ok
13:02:54.0874 0x12e0 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
13:02:54.0996 0x12e0 pla - ok
13:02:55.0066 0x12e0 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:02:55.0116 0x12e0 PlugPlay - ok
13:02:55.0168 0x12e0 [ 0E4C4FCAE8646C62362FDE5F1281245C, 114411F54A9A65D2ADC8B181A43D06BFE793FEF28E394C9A01DA206178CF3ED2 ] PnkBstrB C:\Windows\system32\PnkBstrB.exe
13:02:55.0198 0x12e0 PnkBstrB - ok
13:02:55.0228 0x12e0 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:02:55.0258 0x12e0 PNRPAutoReg - ok
13:02:55.0318 0x12e0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:02:55.0338 0x12e0 PNRPsvc - ok
13:02:55.0408 0x12e0 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:02:55.0465 0x12e0 PolicyAgent - ok
13:02:55.0500 0x12e0 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
13:02:55.0540 0x12e0 Power - ok
13:02:55.0582 0x12e0 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:02:55.0632 0x12e0 PptpMiniport - ok
13:02:55.0662 0x12e0 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:02:55.0682 0x12e0 Processor - ok
13:02:55.0722 0x12e0 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll
13:02:55.0762 0x12e0 ProfSvc - ok
13:02:55.0782 0x12e0 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:02:55.0802 0x12e0 ProtectedStorage - ok
13:02:55.0834 0x12e0 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:02:55.0894 0x12e0 Psched - ok
13:02:55.0978 0x12e0 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:02:56.0067 0x12e0 ql2300 - ok
13:02:56.0087 0x12e0 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:02:56.0109 0x12e0 ql40xx - ok
13:02:56.0148 0x12e0 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
13:02:56.0210 0x12e0 QWAVE - ok
13:02:56.0233 0x12e0 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:02:56.0267 0x12e0 QWAVEdrv - ok
13:02:56.0287 0x12e0 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:02:56.0327 0x12e0 RasAcd - ok
13:02:56.0361 0x12e0 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:02:56.0389 0x12e0 RasAgileVpn - ok
13:02:56.0422 0x12e0 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
13:02:56.0462 0x12e0 RasAuto - ok
13:02:56.0478 0x12e0 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:02:56.0521 0x12e0 Rasl2tp - ok
13:02:56.0603 0x12e0 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
13:02:56.0685 0x12e0 RasMan - ok
13:02:56.0703 0x12e0 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:02:56.0755 0x12e0 RasPppoe - ok
13:02:56.0805 0x12e0 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:02:56.0857 0x12e0 RasSstp - ok
13:02:56.0902 0x12e0 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:02:56.0959 0x12e0 rdbss - ok
13:02:56.0991 0x12e0 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:02:57.0021 0x12e0 rdpbus - ok
13:02:57.0061 0x12e0 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:02:57.0111 0x12e0 RDPCDD - ok
13:02:57.0153 0x12e0 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:02:57.0213 0x12e0 RDPENCDD - ok
13:02:57.0238 0x12e0 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:02:57.0286 0x12e0 RDPREFMP - ok
13:02:57.0325 0x12e0 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:02:57.0365 0x12e0 RDPWD - ok
13:02:57.0417 0x12e0 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:02:57.0437 0x12e0 rdyboost - ok
13:02:57.0467 0x12e0 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:02:57.0517 0x12e0 RemoteAccess - ok
13:02:57.0550 0x12e0 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:02:57.0609 0x12e0 RemoteRegistry - ok
13:02:57.0672 0x12e0 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:02:57.0691 0x12e0 RFCOMM - ok
13:02:57.0721 0x12e0 [ 6C1F93C0760C9F79A1869D07233DF39D, 70DD037E76F6E89CE9630175772707BB8588324058079B5F18C505B31306BACE ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
13:02:57.0771 0x12e0 rismxdp - ok
13:02:57.0791 0x12e0 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:02:57.0851 0x12e0 RpcEptMapper - ok
13:02:57.0881 0x12e0 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
13:02:57.0911 0x12e0 RpcLocator - ok
13:02:57.0941 0x12e0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
13:02:57.0981 0x12e0 RpcSs - ok
13:02:58.0021 0x12e0 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:02:58.0071 0x12e0 rspndr - ok
13:02:58.0133 0x12e0 [ AA9C3881A74A6D66A2AD869B03E8D3F5, 71B88B6CB9DF076BB6E0FE473252282A4774D78EA5CB845FF424D4971961703A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
13:02:58.0163 0x12e0 RTL8167 - ok
13:02:58.0196 0x12e0 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] SamSs C:\Windows\system32\lsass.exe
13:02:58.0213 0x12e0 SamSs - ok
13:02:58.0315 0x12e0 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:02:58.0355 0x12e0 sbp2port - ok
13:02:58.0485 0x12e0 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:02:58.0525 0x12e0 SCardSvr - ok
13:02:58.0545 0x12e0 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:02:58.0585 0x12e0 scfilter - ok
13:02:58.0655 0x12e0 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
13:02:58.0745 0x12e0 Schedule - ok
13:02:58.0775 0x12e0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:02:58.0805 0x12e0 SCPolicySvc - ok
13:02:58.0825 0x12e0 [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus C:\Windows\system32\drivers\sdbus.sys
13:02:58.0865 0x12e0 sdbus - ok
13:02:58.0905 0x12e0 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:02:58.0965 0x12e0 SDRSVC - ok
13:02:58.0995 0x12e0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:02:59.0025 0x12e0 secdrv - ok
13:02:59.0055 0x12e0 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
13:02:59.0115 0x12e0 seclogon - ok
13:02:59.0159 0x12e0 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
13:02:59.0197 0x12e0 SENS - ok
13:02:59.0240 0x12e0 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:02:59.0319 0x12e0 SensrSvc - ok
13:02:59.0349 0x12e0 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:02:59.0379 0x12e0 Serenum - ok
13:02:59.0409 0x12e0 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:02:59.0429 0x12e0 Serial - ok
13:02:59.0469 0x12e0 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:02:59.0499 0x12e0 sermouse - ok
13:02:59.0549 0x12e0 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
13:02:59.0589 0x12e0 SessionEnv - ok
13:02:59.0609 0x12e0 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
13:02:59.0649 0x12e0 sffdisk - ok
13:02:59.0679 0x12e0 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:02:59.0710 0x12e0 sffp_mmc - ok
13:02:59.0731 0x12e0 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
13:02:59.0751 0x12e0 sffp_sd - ok
13:02:59.0761 0x12e0 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:02:59.0781 0x12e0 sfloppy - ok
13:02:59.0821 0x12e0 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:02:59.0891 0x12e0 SharedAccess - ok
13:02:59.0931 0x12e0 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:02:59.0981 0x12e0 ShellHWDetection - ok
13:03:00.0001 0x12e0 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:03:00.0031 0x12e0 sisagp - ok
13:03:00.0071 0x12e0 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:03:00.0081 0x12e0 SiSRaid2 - ok
13:03:00.0112 0x12e0 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:03:00.0132 0x12e0 SiSRaid4 - ok
13:03:00.0153 0x12e0 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:03:00.0203 0x12e0 Smb - ok
13:03:00.0253 0x12e0 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:03:00.0315 0x12e0 SNMPTRAP - ok
13:03:00.0335 0x12e0 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
13:03:00.0355 0x12e0 spldr - ok
13:03:00.0395 0x12e0 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
13:03:00.0455 0x12e0 Spooler - ok
13:03:00.0605 0x12e0 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
13:03:00.0765 0x12e0 sppsvc - ok
13:03:00.0815 0x12e0 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:03:00.0865 0x12e0 sppuinotify - ok
13:03:00.0905 0x12e0 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:03:00.0955 0x12e0 srv - ok
13:03:00.0985 0x12e0 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:03:01.0045 0x12e0 srv2 - ok
13:03:01.0095 0x12e0 [ E00FDFAFF025E94F9821153750C35A6D, 6ECDC5F314A29B859B0DCB7FF114CACE0718612556299B16412C21F9539DC9B5 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:03:01.0135 0x12e0 SrvHsfHDA - ok
13:03:01.0195 0x12e0 [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:03:01.0275 0x12e0 SrvHsfV92 - ok
13:03:01.0335 0x12e0 [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:03:01.0385 0x12e0 SrvHsfWinac - ok
13:03:01.0435 0x12e0 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:03:01.0475 0x12e0 srvnet - ok
13:03:01.0515 0x12e0 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:03:01.0575 0x12e0 SSDPSRV - ok
13:03:01.0638 0x12e0 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
13:03:01.0658 0x12e0 ssmdrv - ok
13:03:01.0678 0x12e0 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:03:01.0718 0x12e0 SstpSvc - ok
13:03:01.0738 0x12e0 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:03:01.0748 0x12e0 stexstor - ok
13:03:01.0818 0x12e0 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
13:03:01.0868 0x12e0 StiSvc - ok
13:03:01.0898 0x12e0 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
13:03:01.0918 0x12e0 swenum - ok
13:03:01.0938 0x12e0 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
13:03:01.0998 0x12e0 swprv - ok
13:03:02.0048 0x12e0 [ D7DC30B8B41E7A913C3FCCC0631E72EC, B066708F75231547D263BEEA265CC5B7D87F4DF52174BF5CA141D2FD9B49E546 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:03:02.0080 0x12e0 SynTP - ok
13:03:02.0160 0x12e0 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
13:03:02.0260 0x12e0 SysMain - ok
13:03:02.0290 0x12e0 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
13:03:02.0320 0x12e0 TabletInputService - ok
13:03:02.0360 0x12e0 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
13:03:02.0400 0x12e0 TapiSrv - ok
13:03:02.0440 0x12e0 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
13:03:02.0480 0x12e0 TBS - ok
13:03:02.0560 0x12e0 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:03:02.0658 0x12e0 Tcpip - ok
13:03:02.0722 0x12e0 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:03:02.0772 0x12e0 TCPIP6 - ok
13:03:02.0822 0x12e0 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:03:02.0862 0x12e0 tcpipreg - ok
13:03:02.0892 0x12e0 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:03:02.0922 0x12e0 TDPIPE - ok
13:03:02.0942 0x12e0 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:03:02.0982 0x12e0 TDTCP - ok
13:03:03.0022 0x12e0 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:03:03.0052 0x12e0 tdx - ok
13:03:03.0202 0x12e0 [ FE559178000347D2CA1B7847F0379749, A30D1535E5FC3C9577A7C19A12DC5EC4527CDBE8430DB0D2E65CA15A72B389DE ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
13:03:03.0274 0x12e0 TeamViewer6 - ok
13:03:03.0364 0x12e0 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:03:03.0374 0x12e0 TermDD - ok
13:03:03.0434 0x12e0 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
13:03:03.0504 0x12e0 TermService - ok
13:03:03.0544 0x12e0 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
13:03:03.0584 0x12e0 Themes - ok
13:03:03.0604 0x12e0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
13:03:03.0644 0x12e0 THREADORDER - ok
13:03:03.0664 0x12e0 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
13:03:03.0704 0x12e0 TrkWks - ok
13:03:03.0764 0x12e0 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:03:03.0804 0x12e0 TrustedInstaller - ok
13:03:03.0834 0x12e0 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:03:03.0854 0x12e0 tssecsrv - ok
13:03:03.0914 0x12e0 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:03:03.0974 0x12e0 TsUsbFlt - ok
13:03:04.0014 0x12e0 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:03:04.0064 0x12e0 tunnel - ok
13:03:04.0114 0x12e0 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:03:04.0124 0x12e0 uagp35 - ok
13:03:04.0144 0x12e0 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:03:04.0194 0x12e0 udfs - ok
13:03:04.0234 0x12e0 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:03:04.0264 0x12e0 UI0Detect - ok
13:03:04.0294 0x12e0 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:03:04.0304 0x12e0 uliagpkx - ok
13:03:04.0344 0x12e0 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
13:03:04.0374 0x12e0 umbus - ok
13:03:04.0404 0x12e0 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:03:04.0414 0x12e0 UmPass - ok
13:03:04.0444 0x12e0 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
13:03:04.0519 0x12e0 upnphost - ok
13:03:04.0576 0x12e0 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:03:04.0596 0x12e0 usbaudio - ok
13:03:04.0636 0x12e0 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:03:04.0656 0x12e0 usbccgp - ok
13:03:04.0696 0x12e0 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:03:04.0716 0x12e0 usbcir - ok
13:03:04.0746 0x12e0 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:03:04.0786 0x12e0 usbehci - ok
13:03:04.0846 0x12e0 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:03:04.0876 0x12e0 usbhub - ok
13:03:04.0916 0x12e0 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:03:04.0946 0x12e0 usbohci - ok
13:03:04.0986 0x12e0 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:03:05.0016 0x12e0 usbprint - ok
13:03:05.0026 0x12e0 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:03:05.0056 0x12e0 USBSTOR - ok
13:03:05.0086 0x12e0 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:03:05.0126 0x12e0 usbuhci - ok
13:03:05.0216 0x12e0 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:03:05.0246 0x12e0 usbvideo - ok
13:03:05.0276 0x12e0 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
13:03:05.0336 0x12e0 UxSms - ok
13:03:05.0356 0x12e0 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] VaultSvc C:\Windows\system32\lsass.exe
13:03:05.0366 0x12e0 VaultSvc - ok
13:03:05.0396 0x12e0 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:03:05.0416 0x12e0 vdrvroot - ok
13:03:05.0476 0x12e0 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
13:03:05.0546 0x12e0 vds - ok
13:03:05.0586 0x12e0 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:03:05.0626 0x12e0 vga - ok
13:03:05.0656 0x12e0 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:03:05.0716 0x12e0 VgaSave - ok
13:03:05.0756 0x12e0 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:03:05.0776 0x12e0 vhdmp - ok
13:03:05.0786 0x12e0 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:03:05.0796 0x12e0 viaagp - ok
13:03:05.0816 0x12e0 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:03:05.0836 0x12e0 ViaC7 - ok
13:03:05.0866 0x12e0 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
13:03:05.0876 0x12e0 viaide - ok
13:03:05.0906 0x12e0 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:03:05.0916 0x12e0 volmgr - ok
13:03:05.0946 0x12e0 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:03:05.0986 0x12e0 volmgrx - ok
13:03:06.0006 0x12e0 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:03:06.0026 0x12e0 volsnap - ok
13:03:06.0066 0x12e0 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:03:06.0086 0x12e0 vsmraid - ok
13:03:06.0156 0x12e0 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
13:03:06.0256 0x12e0 VSS - ok
13:03:06.0276 0x12e0 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:03:06.0302 0x12e0 vwifibus - ok
13:03:06.0318 0x12e0 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:03:06.0358 0x12e0 vwififlt - ok
13:03:06.0378 0x12e0 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:03:06.0408 0x12e0 vwifimp - ok
13:03:06.0449 0x12e0 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
13:03:06.0500 0x12e0 W32Time - ok
13:03:06.0520 0x12e0 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:03:06.0550 0x12e0 WacomPen - ok
13:03:06.0610 0x12e0 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:03:06.0640 0x12e0 WANARP - ok
13:03:06.0650 0x12e0 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:03:06.0680 0x12e0 Wanarpv6 - ok
13:03:06.0790 0x12e0 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:03:06.0870 0x12e0 WatAdminSvc - ok
13:03:06.0950 0x12e0 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
13:03:07.0040 0x12e0 wbengine - ok
13:03:07.0090 0x12e0 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:03:07.0110 0x12e0 WbioSrvc - ok
13:03:07.0170 0x12e0 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:03:07.0240 0x12e0 wcncsvc - ok
13:03:07.0280 0x12e0 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:03:07.0330 0x12e0 WcsPlugInService - ok
13:03:07.0380 0x12e0 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:03:07.0390 0x12e0 Wd - ok
13:03:07.0450 0x12e0 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:03:07.0490 0x12e0 Wdf01000 - ok
13:03:07.0550 0x12e0 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:03:07.0580 0x12e0 WdiServiceHost - ok
13:03:07.0580 0x12e0 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:03:07.0600 0x12e0 WdiSystemHost - ok
13:03:07.0640 0x12e0 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
13:03:07.0712 0x12e0 WebClient - ok
13:03:07.0762 0x12e0 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:03:07.0802 0x12e0 Wecsvc - ok
13:03:07.0822 0x12e0 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:03:07.0852 0x12e0 wercplsupport - ok
13:03:07.0892 0x12e0 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
13:03:07.0942 0x12e0 WerSvc - ok
13:03:08.0022 0x12e0 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:03:08.0072 0x12e0 WfpLwf - ok
13:03:08.0102 0x12e0 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:03:08.0112 0x12e0 WIMMount - ok
13:03:08.0212 0x12e0 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:03:08.0322 0x12e0 WinDefend - ok
13:03:08.0352 0x12e0 WinHttpAutoProxySvc - ok
13:03:08.0402 0x12e0 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:03:08.0442 0x12e0 Winmgmt - ok
13:03:08.0512 0x12e0 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll
13:03:08.0622 0x12e0 WinRM - ok
13:03:08.0792 0x12e0 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:03:08.0812 0x12e0 WinUsb - ok
13:03:08.0872 0x12e0 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:03:08.0942 0x12e0 Wlansvc - ok
13:03:08.0992 0x12e0 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:03:09.0022 0x12e0 WmiAcpi - ok
13:03:09.0072 0x12e0 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:03:09.0102 0x12e0 wmiApSrv - ok
13:03:09.0222 0x12e0 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:03:09.0322 0x12e0 WMPNetworkSvc - ok
13:03:09.0372 0x12e0 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:03:09.0392 0x12e0 WPCSvc - ok
13:03:09.0432 0x12e0 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:03:09.0462 0x12e0 WPDBusEnum - ok
13:03:09.0492 0x12e0 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:03:09.0542 0x12e0 ws2ifsl - ok
13:03:09.0562 0x12e0 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
13:03:09.0602 0x12e0 wscsvc - ok
13:03:09.0612 0x12e0 WSearch - ok
13:03:09.0722 0x12e0 [ D819C0E3B26E71B2343174DDCC7A1786, BDD6DFB7256D3B4C2919EAD07CF554231C5851D8949366667BB228D7E6BECAE2 ] wuauserv C:\Windows\system32\wuaueng.dll
13:03:09.0842 0x12e0 wuauserv - ok
13:03:09.0882 0x12e0 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:03:09.0942 0x12e0 WudfPf - ok
13:03:09.0982 0x12e0 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:03:10.0002 0x12e0 WUDFRd - ok
13:03:10.0042 0x12e0 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:03:10.0092 0x12e0 wudfsvc - ok
13:03:10.0132 0x12e0 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
13:03:10.0192 0x12e0 WwanSvc - ok
13:03:10.0232 0x12e0 ================ Scan global ===============================
13:03:10.0272 0x12e0 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:03:10.0312 0x12e0 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:03:10.0342 0x12e0 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:03:10.0382 0x12e0 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:03:10.0412 0x12e0 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
13:03:10.0432 0x12e0 [ Global ] - ok
13:03:10.0432 0x12e0 ================ Scan MBR ==================================
13:03:10.0452 0x12e0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:03:11.0022 0x12e0 \Device\Harddisk0\DR0 - ok
13:03:11.0022 0x12e0 ================ Scan VBR ==================================
13:03:11.0022 0x12e0 [ 7E9B8A362339BEA550ABAF9D8ADDC0C1 ] \Device\Harddisk0\DR0\Partition1
13:03:11.0032 0x12e0 \Device\Harddisk0\DR0\Partition1 - ok
13:03:11.0032 0x12e0 [ 0427A8A480469BC519C7E889FD08402E ] \Device\Harddisk0\DR0\Partition2
13:03:11.0032 0x12e0 \Device\Harddisk0\DR0\Partition2 - ok
13:03:11.0032 0x12e0 ================ Scan generic autorun ======================
13:03:11.0072 0x12e0 [ 2C1B1E9174D94E9F6EE3CF373ABAB7DD, 729D283DF70F727824EBCA223D5E5B27D16E3E2B5312B1B34CAE1E763192D7B5 ] C:\Windows\system32\igfxtray.exe
13:03:11.0092 0x12e0 IgfxTray - ok
13:03:11.0102 0x12e0 [ 87D78CF6365BDDACBE9D34B60FE0E23B, 4561DE7171FD9035FEDF7EEA059859732996A5E72364D0D9F230563A1A6AE3D4 ] C:\Windows\system32\hkcmd.exe
13:03:11.0132 0x12e0 HotKeysCmds - ok
13:03:11.0174 0x12e0 [ 89D3DE5E2C77DCD99C56F0E46310AEA0, 02E1B2353E5D5F65D7968698AFE079A4DF11C230F6213C07D128F47147BACA29 ] C:\Windows\system32\igfxpers.exe
13:03:11.0184 0x12e0 Persistence - ok
13:03:11.0284 0x12e0 [ 66A3CF1B8A895FCB2A62599D2EAE3066, CC403A231E6AB5822C1F3246C16735F8F2ED0C0433E4F7FCFA3EDC23436EFA17 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
13:03:11.0344 0x12e0 SynTPEnh - ok
13:03:11.0394 0x12e0 [ D2DAD71C96C113ED07F7BB79AD831C28, 8EACE797C16663D58B8BA67C9BF135780D1676E16797A1E81706263238C7BC0B ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
13:03:11.0404 0x12e0 APSDaemon - ok
13:03:11.0474 0x12e0 [ 8DDA2B606279753601F9415DA503CA63, 2C9AD8218E150B6D50817991377ED3230A1672EFBD7AE29D0CD9E55E2418C800 ] C:\Program Files\QuickTime\QTTask.exe
13:03:11.0534 0x12e0 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
13:03:14.0808 0x12e0 Detect skipped due to KSN trusted
13:03:14.0808 0x12e0 QuickTime Task - ok
13:03:14.0918 0x12e0 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:03:14.0966 0x12e0 Adobe ARM - ok
13:03:15.0050 0x12e0 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
13:03:15.0060 0x12e0 SunJavaUpdateSched - ok
13:03:15.0170 0x12e0 [ 8A312B9243D9792A0E85782E50A11790, 386ABDDE3850DBFED951D4AFEADF6C0E8745156085E4813FB8D7E780DF523FE4 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
13:03:15.0200 0x12e0 avgnt - ok
13:03:15.0300 0x12e0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:03:15.0380 0x12e0 Sidebar - ok
13:03:15.0410 0x12e0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:03:15.0442 0x12e0 mctadmin - ok
13:03:15.0492 0x12e0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:03:15.0532 0x12e0 Sidebar - ok
13:03:15.0542 0x12e0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:03:15.0572 0x12e0 mctadmin - ok
13:03:15.0622 0x12e0 Hoolapp Android - ok
13:03:15.0862 0x12e0 [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe
13:03:16.0004 0x12e0 Akamai NetSession Interface - ok
13:03:16.0084 0x12e0 [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe
13:03:16.0104 0x12e0 Facebook Update - ok
13:03:16.0114 0x12e0 Wolf Team - Downloader - ok
13:03:16.0114 0x12e0 Waiting for KSN requests completion. In queue: 299
13:03:17.0114 0x12e0 Waiting for KSN requests completion. In queue: 299
13:03:18.0122 0x12e0 Waiting for KSN requests completion. In queue: 9
13:03:19.0122 0x12e0 Waiting for KSN requests completion. In queue: 9
13:03:20.0182 0x12e0 AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x41000 ( enabled : updated )
13:03:20.0212 0x12e0 Win FW state via NFP2: enabled
13:03:23.0144 0x12e0 ============================================================
13:03:23.0144 0x12e0 Scan finished
13:03:23.0144 0x12e0 ============================================================
13:03:23.0154 0x1334 Detected object count: 0
13:03:23.0154 0x1334 Actual detected object count: 0
|
|
26.03.2015, 08:50
| #4 |
| /// the machine /// TB-Ausbilder | Geräusche und Werbung laufen im Hintergrund. hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.03.2015, 10:05
| #5 |
| | Geräusche und Werbung laufen im Hintergrund. Hi, anbei das Combofix Log. Code:
ATTFilter ComboFix 15-03-25.01 - Horst 26.03.2015 9:34.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1140 [GMT 1:00]
ausgeführt von:: c:\users\Horst\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Horst\quazip.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-26 bis 2015-03-26 ))))))))))))))))))))))))))))))
.
.
2015-03-26 08:42 . 2015-03-26 08:43 -------- d-----w- c:\users\Horst\AppData\Local\temp
2015-03-26 08:42 . 2015-03-26 08:42 -------- d-----w- c:\users\Gast\AppData\Local\temp
2015-03-26 08:42 . 2015-03-26 08:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-25 13:19 . 2015-03-11 03:30 534528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-25 13:19 . 2015-03-11 03:30 623616 ----a-w- c:\windows\system32\invagent.dll
2015-03-25 13:19 . 2015-03-11 03:29 327168 ----a-w- c:\windows\system32\devinv.dll
2015-03-25 13:19 . 2015-03-11 03:29 818176 ----a-w- c:\windows\system32\appraiser.dll
2015-03-25 13:19 . 2015-03-11 03:29 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-25 13:19 . 2015-03-11 03:26 892928 ----a-w- c:\windows\system32\aeinv.dll
2015-03-25 13:19 . 2015-03-11 03:29 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-25 13:19 . 2015-03-11 03:29 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-25 11:34 . 2015-03-25 11:34 -------- d-----w- c:\programdata\Malwarebytes
2015-03-25 11:33 . 2015-03-25 11:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-25 11:33 . 2015-03-25 11:33 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-25 11:30 . 2015-03-25 11:30 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-25 11:29 . 2015-03-25 11:29 -------- d-----w- c:\program files\7-Zip
2015-03-25 11:16 . 2015-03-25 11:16 -------- d-----w- c:\program files\VS Revo Group
2015-03-25 10:28 . 2015-03-25 10:28 104960 ----a-w- C:\kxldqpow.sys
2015-03-25 10:19 . 2015-03-25 10:21 -------- d-----w- C:\FRST
2015-03-24 15:40 . 2015-03-24 15:40 -------- d-----w- C:\OETemp
2015-03-24 15:31 . 2015-03-24 15:31 -------- d-----w- c:\users\Horst\AppData\Roaming\uwmtrncm
2015-03-22 18:13 . 2015-03-22 18:13 -------- d-----w- c:\users\Horst\AppData\Roaming\ljrtmhgs
2015-03-21 19:07 . 2015-03-21 19:07 -------- d-----w- c:\users\Horst\AppData\Roaming\jlwgqiga
2015-03-20 15:51 . 2015-03-20 15:51 -------- d-----w- c:\users\Horst\AppData\Roaming\dkznjdkn
2015-03-19 19:26 . 2015-03-19 19:26 -------- d-----w- c:\users\Horst\AppData\Roaming\xxxcowcb
2015-03-17 16:08 . 2015-03-17 16:08 -------- d-----w- c:\users\Horst\AppData\Roaming\anapqudk
2015-03-17 12:47 . 2015-03-17 12:47 -------- d-----w- c:\users\Horst\AppData\Roaming\olpkvwvv
2015-03-16 16:06 . 2015-03-16 16:06 -------- d-----w- c:\users\Horst\AppData\Roaming\jsvsfryq
2015-03-16 15:43 . 2015-03-16 15:43 -------- d-----w- c:\users\Horst\AppData\Roaming\qawldwoc
2015-03-15 18:45 . 2015-03-15 18:45 -------- d-----w- c:\users\Horst\AppData\Roaming\fitkpcsr
2015-03-13 19:28 . 2015-03-13 19:28 -------- d-----w- c:\users\Horst\AppData\Roaming\envwamoi
2015-03-11 07:41 . 2015-03-06 05:15 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-11 07:40 . 2015-02-03 03:12 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2015-03-10 21:52 . 2015-03-10 21:52 -------- d-----w- c:\users\Horst\AppData\Roaming\dpzojlri
2015-03-10 06:46 . 2015-03-10 06:46 -------- d-----w- c:\users\Horst\AppData\Roaming\bofgqbau
2015-03-07 14:29 . 2015-03-07 14:29 -------- d-----w- c:\users\Horst\AppData\Roaming\dlqjfxpy
2015-03-01 09:09 . 2015-03-01 09:09 -------- d-----w- c:\users\Horst\AppData\Roaming\cveopnbf
2015-02-28 21:20 . 2015-02-28 21:20 -------- d-----w- c:\users\Horst\AppData\Roaming\fyggtkvz
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-16 15:20 . 2014-03-05 09:11 26176 ---ha-w- c:\windows\system32\hamachi.sys
2015-02-09 18:04 . 2012-07-16 23:36 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-09 18:04 . 2011-12-11 15:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 16:51 . 2015-02-15 17:32 37896 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-02-04 16:51 . 2015-02-15 17:32 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-02-04 16:51 . 2015-02-15 17:32 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-02-04 16:51 . 2015-02-15 17:32 105864 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-01-27 23:36 . 2015-02-12 12:47 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-24 13:55 . 2015-01-24 13:55 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-01-24 13:55 . 2015-01-24 13:55 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-01-24 13:55 . 2015-01-24 13:55 49664 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-01-24 13:55 . 2015-01-24 13:55 47104 ----a-w- c:\windows\system32\wuauclt.exe
2015-01-24 13:55 . 2015-01-24 13:55 35328 ----a-w- c:\windows\system32\wups2.dll
2015-01-24 13:55 . 2015-01-24 13:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-01-24 13:55 . 2015-01-24 13:55 29696 ----a-w- c:\windows\system32\wups.dll
2015-01-24 13:55 . 2015-01-24 13:55 2706944 ----a-w- c:\windows\system32\wucltux.dll
2015-01-24 13:55 . 2015-01-24 13:55 2045440 ----a-w- c:\windows\system32\wuaueng.dll
2015-01-24 13:55 . 2015-01-24 13:55 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-01-24 13:55 . 2015-01-24 13:55 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-01-09 02:48 . 2015-02-17 17:34 76800 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 02:48 . 2015-02-17 17:34 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 02:48 . 2015-02-17 17:34 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-01-08 08:55 . 2011-08-25 11:54 249488 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Horst\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-03-23 726320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-03 19:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-03-23 815920]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-03-23 1004280]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-24 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-02-04 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-03-23 434424]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-02-04 37896]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 14:50 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 18:04]
.
2015-03-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core.job
- c:\users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-04 16:59]
.
2015-03-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA.job
- c:\users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-04 16:59]
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-15 08:49]
.
2015-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-15 08:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/?gws_rd=ssl
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Mit Mipony herunterladen - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Hoolapp Android - c:\users\Horst\AppData\Roaming\HOOLAP~1\Hoolapp.exe
HKCU-Run-Wolf Team - Downloader - c:\users\Horst\Downloads\wolf team.exe
MSConfigStartUp-Google Update - c:\users\Horst\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
AddRemove-Steam App 230410 - c:\users\Horst\Steam\steam.exe
AddRemove-Steam App 440 - c:\users\Horst\Steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-26 09:44:42
ComboFix-quarantined-files.txt 2015-03-26 08:44
.
Vor Suchlauf: 14 Verzeichnis(se), 124.650.745.856 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 124.218.204.160 Bytes frei
.
- - End Of File - - DE572B8047604016ABF8EB696E1F58B6
A36C5E4F47E84449FF07ED3517B43A31
|
|
26.03.2015, 17:31
| #6 |
| /// the machine /// TB-Ausbilder | Geräusche und Werbung laufen im Hintergrund. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Geräusche und Werbung laufen im Hintergrund. |
|
30.03.2015, 20:36
| #7 |
| | Geräusche und Werbung laufen im Hintergrund. Hallo Schrauber, ich kann die Logs nicht direkt in den Code Tags sposten. Es wird immer angezeigt als zu langer Text. Was soll ich machen? Grüße hbi17 |
|
31.03.2015, 05:23
| #8 |
| /// the machine /// TB-Ausbilder | Geräusche und Werbung laufen im Hintergrund. Logs aufteilen und meherere Posts benutzen 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.03.2015, 21:30
| #9 |
| | Geräusche und Werbung laufen im Hintergrund. Hallo Schrauber, sorry, wo waren meine Gedanken  mbam.txt Teil 1 Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.03.2015 Suchlauf-Zeit: 09:17:26 Logdatei: MBAM.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.27.04 Rootkit Datenbank: v2015.03.26.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Horst Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 371613 Verstrichene Zeit: 30 Min, 35 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 21 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [f18f5eec18720d29dbbf313258ab8080], PUP.Optional.Babylon.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [661af456e6a4b38367c9eb3f10f33cc4], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SweetIM, , [89f78ebced9dc57141c72c9b19ea0ef2], PUP.Optional.M2KDownloader.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lbbbdmbjkgojacipgefbifkiebpcdjhn, , [f48c1e2c6426ca6c4dc8d7f21be88e72], PUP.Optional.Conduit.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ngnjhfpfhadncgafgbneeljaginimmmk, , [e99760ea82085ed85680bb08ae55837d], PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, , [1769a2a8d9b1043214f710159a6b1ce4], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\1ClickDownload, , [067a9ab04f3b979fda89948be32209f7], PUP.Optional.DataMngr.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\DataMngr_Toolbar, , [f28edf6b67232115cf22b7665ca9a957], PUP.Optional.Delta.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\delta LTD, , [641c6fdbfd8d72c4afeeb46b1fe67b85], PUP.Optional.DigitalSites.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\DSiteProducts, , [443c95b5a3e773c3b2c30c3a26df26da], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\mysearchdial, , [dba5b199008a34029180ba65de27db25], PUP.Optional.SweetIM.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\SweetIM, , [5c24202a4248142273944a7d1ce7f50b], PUP.Optional.Conduit.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [0f7143074d3d7bbb6e43705b24df9868], PUP.Optional.AdLyrics.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\APPDATALOW\SOFTWARE\XingHaoLyrics, , [4a3673d7e3a7e5510dd3b88a63a2a759], PUP.Optional.Conduit.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ngnjhfpfhadncgafgbneeljaginimmmk, , [255bf357f2980630ba1d14af45bea45c], PUP.Optional.InstallCore.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [c7b9af9b197174c22319798f857fe21e], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\INSTALLCORE\mysearchdial, , [93ed9bafd0ba4fe78536150d19ec6898], PUP.Optional.InstallCore.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\INSTALLCORE, , [720e2c1efa9079bd8392ba64dc294fb1], PUP.Optional.Qone8, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [eb95a6a4bad078be08950128ee17d030], PUP.Optional.FastStart.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MOZILLA\EXTENDS, , [522ec6840684f93daa4ddff7c53e1ee2], PUP.Optional.Conduit.A, HKU\S-1-5-21-143702537-521537602-2995010692-501\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [136dda706228c96d664b15b612f10000], Registrierungswerte: 8 PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\extensions\faststartff@gmail.com, , [bec266e48505dd5922d157e5e4213ec2] PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, SIM, , [1769a2a8d9b1043214f710159a6b1ce4] PUP.Optional.InstallCore.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, , [720e2c1efa9079bd8392ba64dc294fb1] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|TopResultURLFallback, hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ironmsd04&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzztAtCyD0EtA0D0DyC0DzztN0D0Tzu0SyEzyyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=640852196&ir=, , [a7d98ac0b4d6c27464b6133a3cc90ef2] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURLFallback, hxxp://start.mysearchdial.com/favicon.ico, , [1f61db6fe0aafd39e2389ab3689de719] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Mysearchdial, , [2a5617336822013522f8fa5364a1b64a] PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187&q={searchTerms}, , [512fe5659af0f640da44400dd5309868] PUP.Optional.FastStart.A, HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [522ec6840684f93daa4ddff7c53e1ee2] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 124 PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Roaming\DealPly, , [a8d8ac9ee7a39b9bfbabfa7d946fb848], PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Roaming\DealPly\UpdateProc, , [a8d8ac9ee7a39b9bfbabfa7d946fb848], PUP.Optional.OpenCandy, C:\Users\Horst\AppData\Roaming\OpenCandy, , [f58b98b28109d1659b3cc6b1fa09d32d], PUP.Optional.OpenCandy, C:\Users\Horst\AppData\Roaming\OpenCandy\48B3767C004545B1A69AA43D33357518, , [f58b98b28109d1659b3cc6b1fa09d32d], PUP.Optional.OpenCandy, C:\Users\Horst\AppData\Roaming\OpenCandy\C2465234345A42FD948EF681CBDAE7B5, , [f58b98b28109d1659b3cc6b1fa09d32d], PUP.Optional.M2KDownloader.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\jetpack\m2k@m2kdownloader.com, , [dda3b79351391125b1d41492c73c3ec2], PUP.Optional.M2KDownloader.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\jetpack\m2k@m2kdownloader.com\simple-storage, , [dda3b79351391125b1d41492c73c3ec2], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\APISupport, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\lib, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\options, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\tabs, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\tabs\back, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\toolbarAPI, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts\contentScripts, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\nativeMessaging, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\plugins, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\html, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\res, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\api, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js\resources, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gadgetFrame, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\img, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\APPLICATION_BUTTON, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\APPLICATION_BUTTON\Js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\APPLICATION_BUTTON\resources, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\img, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\js\resources, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\Optimizer, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\Optimizer\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\css\custom-theme, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css\custom-theme, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\buildSettings, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\Css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\resources, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\script, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\style, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\style\rsx, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\img, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\css, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\core, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\images, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.jscrollpane, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\sl, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\_locales, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\_locales\en, , [f78950fa147675c1e8b17239ce35a35d], PUP.Optional.SweetIM.A, C:\Program Files\SweetIM, , [c9b742088bff7db92081347707fc916f], PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Installers, , [c9b742088bff7db92081347707fc916f], Code:
ATTFilter Dateien: 622
PUP.Optional.OpenCandy.A, C:\Users\Horst\AppData\Roaming\OpenCandy\48B3767C004545B1A69AA43D33357518\LatestDLMgr.exe, , [532da1a9b8d2ee4810f9a3a9de236997],
PUP.Optional.OpenCandy.A, C:\Users\Horst\AppData\Roaming\OpenCandy\48B3767C004545B1A69AA43D33357518\Setupsft_chr_p1v7.exe, , [18687ecc2f5b9a9c005d407748bd7f81],
PUP.Optional.OpenCandy.A, C:\Users\Horst\AppData\Roaming\OpenCandy\C2465234345A42FD948EF681CBDAE7B5\LatestDLMgr.exe, , [3f414505860469cd1ced103c649de020],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx, , [77092b1fd7b32d09bf16aa1904ffc63a],
PUP.Optional.Delta.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage, , [344cbe8c4b3f68cefd114394ae5523dd],
PUP.Optional.Delta.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage-journal, , [a6da57f3d0ba05311cf2b72029da60a0],
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPly, , [a1df2d1db2d8d660aa72fde915ee12ee],
PUP.Optional.Babylon.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, , [d8a8c486008a3006a057ffed689bc63a],
PUP.Optional.Babylon.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, , [7010f7537812d75f12e5925a60a3dc24],
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage, , [ea964bff1b6f86b047598766a360f907],
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal, , [7f0157f347437eb8a6faf3faa55efc04],
PUP.Optional.MindSpark.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, , [b4ccaaa04a4049ed2917ce2508fbd42c],
PUP.Optional.MindSpark.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, , [96ea97b3f7935bdb51ef3cb732d1847c],
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\searchplugins\softonic.xml, , [443c33174941f73f7a2f7981ac577888],
PUP.Optional.MySearchDial.A, C:\Users\Public\Desktop\MySearchDial.url, , [423e60ea91f90e2814d04dd956af53ad],
PUP.Optional.MySpeedDial.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage, , [c0c0e268602ad75fdc2db189b94c1fe1],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Roaming\DealPly\UpdateProc\config.dat, , [a8d8ac9ee7a39b9bfbabfa7d946fb848],
PUP.Optional.OpenCandy, C:\Users\Horst\AppData\Roaming\OpenCandy\48B3767C004545B1A69AA43D33357518\6508.ico, , [f58b98b28109d1659b3cc6b1fa09d32d],
PUP.Optional.OpenCandy, C:\Users\Horst\AppData\Roaming\OpenCandy\C2465234345A42FD948EF681CBDAE7B5\47A647BD-4905-48C7-9539-A95F199019A4, , [f58b98b28109d1659b3cc6b1fa09d32d],
PUP.Optional.OpenCandy, C:\Users\Horst\AppData\Roaming\OpenCandy\C2465234345A42FD948EF681CBDAE7B5\B8DCC36F-4F05-445F-B1EE-FD8FC38CBBDA, , [f58b98b28109d1659b3cc6b1fa09d32d],
PUP.Optional.M2KDownloader.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\jetpack\m2k@m2kdownloader.com\simple-storage\store.json, , [dda3b79351391125b1d41492c73c3ec2],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\635031056225987473.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\AbstractionLayerBack.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\AbstractionLayerFront.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\blank.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\CT2319825.txt, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\CT2319825_public.txt, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\icon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\initdata.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\manifest.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\shouldShowTB.txt, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\APISupport\APISupport.dll, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\framework.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\bcview.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\chromeBackstage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\chromeBackstage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\chromeBackstageLoader.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\communicator.back.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\compatibility.end.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\compatibility.service.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\compatibility.start.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\contentScript.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\iframeHost.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\iframeHost.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\JSONStringify.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\logger.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\match.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\nativeMsgCom.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\navigationHandler.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\pluginLoader.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\pricegongMigration.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\toolbarEnv.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\updatesManager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\verlyEarly.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\lib\jquery-1.5.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\options\Options.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\tabs\back\postNavigation.htm, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\js\toolbarAPI\toolbarAPI.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\background.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\settings.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts\background.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts\iframeHost.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts\iframeHost.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts\popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\mam\scripts\contentScripts\contentScript.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\nativeMessaging\nmHostConfig.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\nativeMessaging\nmHostManifest.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\nativeMessaging\TBMessagingHost.exe, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\plugins\ChromeApiPlugin.dll, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\initData.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\html\SearchBackground.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\html\searchInNewTabAPI.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\MostVisited.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Applications.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Bookmarks.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\CntRedirect.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\DeveloperMode.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\EmbeddedConfig.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\enable_disable.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\EventHandler.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Global.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\LocationService.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\LogMsg.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\NewTabAPI.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\RecentlyClosed.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\SearchBox.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\SearchBoxIframe.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\ServiceMap.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Settings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\startupSequence.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Thumbnails.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Toolbar.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Translation.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\API\Usage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\about_memory.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\alert_overlay.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\apps_page.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\bubble.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\chrome_shared.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\chrome_shared2.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\chrome_shared2_touch.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\dialogs.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\expandable_bubble.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\footer_menu.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\list.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\menu.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\most_visited_page.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\nav_dot.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\new_tab.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\new_tab_theme.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\overlay.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\spinner.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\suggestions_page.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\table.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\tabs.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\throbber.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\tile_page.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\trash.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\tree.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\ui_account_tweaks.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\css\widgets.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\alert_overlay.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\appLauncher.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\loadfile.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\NewTabBackground.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\new_tab.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\Options.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\redirect.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\html\trash.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_mask.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\exclamationIcon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\history_section.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\app_promo_button.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\check.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\checkbox_black.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\checkbox_white.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\closed_window.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_2x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_h.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_h_2x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_mask_2x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_p.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\close_bar_p_2x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\detected_sd.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\detected_usb.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\disabled_select.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\disclosure_triangle_mask.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\downloads_section.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\favicon.ico, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\favicon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\folder_closed.png, , [f78950fa147675c1e8b17239ce35a35d],
|
|
31.03.2015, 21:36
| #10 |
| | Geräusche und Werbung laufen im Hintergrund. MBAM.txt Teil 3 Code:
ATTFilter ljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\folder_closed_rtl.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\folder_open.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\folder_open_rtl.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\gear.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\google-transparent.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\guest_icon_standalone.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\help.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon128.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon16.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon48.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon_checkmark.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon_file.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon_folder.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon_warning.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\icon_warning2.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\IDR_PRODUCT_LOGO.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\ImagesRepository.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\insert.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\minus.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\nub.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\nub_mask.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\otr_icon_standalone.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\phishing_icon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\plus.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\select.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\small_bubble.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\spinner.svg, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\star_small.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\success.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\throbber.svg, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\thumbnailPlaceHolder.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\trash.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\trashBinN.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\WebStore128.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\x-hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\img\__IDR_PRODUCT_LOGO.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\context_menu_handler.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\i18n_template.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\alert_overlay.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\appLauncher.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\apps_page.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\autocomplete_list.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\Base64.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\bubble.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\card_slider.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\color-thief.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\command.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\command_line.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\context_menu_button.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\cr.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\database.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\dialogs.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\dot_list.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\drag_wrapper.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\event_target.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\event_tracker.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\expandable_bubble.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\focus_outline_manager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\i18n_process.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\i18n_template2.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\jquery.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\link_controller.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\loadFile.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\load_time_data.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\local_strings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\logerror.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\logging.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\md5.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\media_common.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\menu.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\menu_button.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\menu_item.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\most_visited_page.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\nav_dot.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\NewTabBackground.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\newTabBeforeStart.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\newTabLoadTimeData.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\new_tab.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\options.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\other_sessions.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\overlay.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\page_list_view.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\page_switcher.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\parse_html_subset.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\position_util.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\promise.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\quantize.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\recently_closed.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\repeating_button.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\SearchBoxPage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\search_history.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\splitter.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\suggestions_page.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\tile_page.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\touch_handler.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\trash.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\tree.css.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\tree.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\ui.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\ui_account_tweaks.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\util.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\Search\NewTabPages\js\ZipFile.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\backstage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\version.txt, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\al.view.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\aboutBox.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images\logo.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images\OK-Button-Default.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images\OK-Button-MouseOver.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images\OK-Button-OnClick.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images\truste.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\images\x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\aboutBox\js\aboutBox.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\appManager.controller.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\appManager.model.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\appManager.view.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\css\toolbar.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\minibrowser24.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\ajax-loader.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\buttonSprites.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\chevron_sprites.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\fallback24.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\ie8_mouseover_button.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\ie8_onclick_button.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\loader-icon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\menu_arrow.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\minibrowser.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\mp_sprites.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\new_chevron_sprites.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\rounded_corners_left_transparent.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\rounded_corners_left_white.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\rounded_corners_left_white_34.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\rounded_corners_right_transparent.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\rounded_corners_right_white.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\rounded_corners_right_white_34.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\separator.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\separator_hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\img\uus.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ac\res\yoxscroll.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\api\toolbarapi.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\api\webAppApi.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\api\webAppApiFront.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd\excanvas.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd\trusted.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd\trusted.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd\untrusted.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd\untrusted.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\msd\untrusted.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\options.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\css\jquery.jscrollpane.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\css\options.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\css\reset.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\bg-hide-click.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\bg-hide.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\checkbox-check-off.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\checkbox-check-on.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\ic_Closer.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\ic_Closer_hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\logo.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\minibrowser.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\scroller.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\sprite-ok-button.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\truste.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\images\x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js\html5SupportIe.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js\options.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js\resources\html5shiv.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js\resources\jquery.jscrollpane.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\options\js\resources\jquery.mousewheel.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\js\searchProtectorManager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\bubble.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\bubble.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\main.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\images\information.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\images\x-default-LTR.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\images\x-default-RTL.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\images\x-mouseover-LTR.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spbd\images\x-mouseover-RTL.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\main.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\SearchProtector.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\settings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\images\ok-button.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\images\separation-line.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\sp\spsd\images\warning.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menus.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\popups.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\DialogsAPI.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\excanvas.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\generalDialogStyle.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\PIE.htc, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\settings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\main.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\app-store-icon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\arrow.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\dialog_tip_left.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\dialog_tip_right.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\divider.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\emailNotifier.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\facebook.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\radio.GIF, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\Thumbs.db, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\truste_welcome.GIF, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\ftd\images\weather.GIF, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\main.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\restartDialog.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\restartDialog.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\2.0--spec--kicker.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\content-pattern.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\content-sep.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\OK-Button-Default.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\OK-Button-MouseOver.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\OK-Button-OnClick.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\dlg\restart\images\x.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gadgetFrame\gf.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gadgetFrame\lgf.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\gf.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\lgf.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\css\gf.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\css\gf_ie.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\img\ie_back.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\img\loader.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\img\resize.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\img\sprites.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\js\gf.view.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\gf\js\lgf.view.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\css\menu.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrow-down-strong.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrow-down.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrow-left-strong.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrow-left.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrow-right-strong.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrow-right.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\img\arrows.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js\jquery.ellipsis.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js\jquery.scrollTo-1.4.2-min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js\menu.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js\renderHandler.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js\scrollers.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\ui\menu\js\showHandler.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\browserAppApi.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\APPLICATION_BUTTON\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\APPLICATION_BUTTON\Js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\APPLICATION_BUTTON\resources\defaultEngineImage.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\bgPage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\css\en.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\css\en_rtl.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\css\jquery.jscrollpane.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\AccountManager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\bgPage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\EN.model.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\IMAPExecuter.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Inboxer.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Invoker.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\MailDecoder.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\MailMerger.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\POP3Executer.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\providerHelper.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Providers.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\SettingsManager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Timer.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Translation.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\EMAIL_NOTIFIER\js\Utils.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\embedded.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\css\embedded.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\css\popup.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\css\reset.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\js\embedded.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\js\higlighter_script.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\HIGHLIGHTER\js\popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\css\popup.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\img\arrows.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\img\badges.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\img\icons.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\js\popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\MULTI_RSS\js\resources\webAppUtils.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\embedded.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\NotificationPopup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\Settings.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css\gadget.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css\general.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css\Main.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css\newMain.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css\settings.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\css\ui.stepper.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\closeIcon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\downArrow.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\settingsIcon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\upArrow.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\close.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\Next.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\Next_hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\powered-by.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\Prev.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\Prev_hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\dark\settings.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\close.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\Next.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\Next_hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\powered-by.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\Prev.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\Prev_hover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\images\light\settings.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\AppName.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\bgpageEarly.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\commons.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\jquery.ezmark.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\notification.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\NotificationSettings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\notificationUIManger.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\Settings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\stepper.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\NOTIFICATION\js\ToolbarAndAppsSettings.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\Optimizer\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\Optimizer\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\pg_offers.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\pg_offers.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\agree.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\agree.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\Close.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\Image.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\Logo.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\OK_Btn.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\agreement\Topbg.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\css\gadget.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\css\ie7styles.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\css\iestyle.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\css\custom-theme\jquery-ui-1.8.10.custom.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\PRICE_GONG\images\icon.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\embedded.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\popup2.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css\gadget.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css\jquery.jscrollpane.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css\reset.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css\stations.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\css\custom-theme\jquery-ui-1.8.10.custom.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\bgpageEarly.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\embedded.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\embeddedEarly.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\localization.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\player.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\BrowserDetect.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\jquery-ui-1.8.10.custom.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\jquery.jscrollpane.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\jquery.scrollTo-1.4.2-min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\radioCommon.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\system.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\RADIO_PLAYER\js\resources\utils.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\embedded.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\information.popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\buildSettings\SearchApp_Ant.xml, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\Css\information.popup.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\common.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\contentManager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\historyProvider.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\information.popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\layoutManager.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\searchListener.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\selectionListener.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\js\suggestProvider.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\resources\history--x-default.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\resources\history--x-mouseover.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\resources\menu.icon.apps.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\script\view.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\style\default.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\style\rsx\dd-arrow.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\SEARCH\view\style\rsx\ie8.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\popup.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\img\icons.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\img\inbox.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\img\scroll_down.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\img\scroll_up.png, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\js\localization.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\TWITTER\js\popup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\bgpage.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\popup.html, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\css\gadget.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\css\ie7styles.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\css\iestyle.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\bgpage.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\common.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\date-functions.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\gadget.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\jquery.autocomplete.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\jquery.textshadow.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\logic.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\main.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\al\wa\WEATHER\js\xPath.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\core\corelibs.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\core\framework.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\core\utils.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\al.view.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\al.viewPerformanceLog.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\background.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\ie_fix.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.mousewheel.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.text-overflow.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.tmpl.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.xml2json.custom.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.xml2json.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\json2.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\json2.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\script2injectEmbedded.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\script2injectPopup.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\sdk.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\jquery.alerts.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\jquery.alerts.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\images\help.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\images\important.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\images\info.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.alerts\images\title.gif, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.jscrollpane\jquery.jscrollpane.css, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\lib\jquery.jscrollpane\jquery.jscrollpane.min.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\tb\sl\serviceLayer.js, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.31.4.510_1\_locales\en\messages.json, , [f78950fa147675c1e8b17239ce35a35d],
PUP.Optional.MyStartSearch.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.mystartsearch.com/?type=hp&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187",), ,[afd1dc6eb1d99c9aae5ee84b3bcb22de]
PUP.Optional.QuickStart.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), ,[ff8183c702889c9a947121148284ed13]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), ,[354b6edc4842f04690b1b97d4eb8639d]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ferences
Code:
ATTFilter /* Do not edit this file.
*
), ,[047c1832751574c2053ce353769016ea]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (references
/* Do not edit this file.
*
* If you make changes to this file ), ,[8cf4d674e8a2a88e96ab9f976b9b18e8]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (e.
*
* If you make changes to this file while t), ,[463a78d27a10e74f162b89adc046847c]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
*
* If you), ,[b8c8cb7f7515b581b38eae88f41220e0]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
*
* If ), ,[1967e565bcce83b31b26f93d8680bd43]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If), ,[98e86fdbe7a33204b889f54192749e62]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
*
* If), ,[c6bad9711e6c171f2819c96d2fd713ed]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you m), ,[daa6f258deacdb5b00410a2cd333ae52]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (es
/* Do not edit this file.
*
* If y), ,[f38d202a95f5db5b18296accb74f7a86]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (references
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be ove), ,[e19f6bdf09813bfb7cc549edb2547e82]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (tion is running,
* the changes will be overwritten when the applicatio), ,[e799c08a88027bbbb8896acc0204619f]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: ( this file.
*
* If you make changes to this fil), ,[dca4e9610d7d79bde35e51e5a36342be]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
*
* If you make c), ,[98e8b1995d2d50e6fe435cda0ff71be5]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
*
* If you m), ,[0c747ccea2e8ab8b162bd066f51146ba]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwrit), ,[f58b74d63b4fee4874cdb6808e7814ec]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (n is running,
* the changes will be overwritten w), ,[552b1b2f05853df960e1320412f4e51b]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
*
* If you make ), ,[8df376d43a505dd98db481b5af57bf41]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (s
/* Do not edit this file.
*
* If you m), ,[2c5491b98802999df44d67cfa2641ae6]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
*
* If y), ,[dda32b1fd5b550e658e9270f55b17b85]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
*
* If you make changes to this f), ,[6e12193186041c1a172aaa8c33d3c33d]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: ( this file.
*
* If you make changes to this file whil), ,[ea965ded404ae3532a17e056af5724dc]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the a), ,[5f211733cdbd2313291840f6778f4ab6]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (s running,
* the changes will be overwritten when), ,[3050d6747d0da6904bf641f5de2853ad]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
*
* If you make changes ), ,[94ec50fa5832dd59a1a0fc3a8e78619f]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (Do not edit this file.
*
* If you make changes t), ,[5a26cd7d9af02d09b68b082eaf5728d8]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=f4ced6d800000000000000242cbc6b4c");), ,[047c2228f9911f17e861fa3ce81e16ea]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (AccessId", "2223d96f3879f5645d07a88ad94db621");
user_pref("PreisHeld.Activated", true);
user_pref("PreisHeld.lastUpdateDomains", 1420401329);
), ,[c1bf7dcd008aff37f4556ec81ee8c937]
PUP.Optional.Softonic.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\prefs.js, Gut: (), Schlecht: (lastUpdateDomains", 1420401329);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1427301959);
user_pref("app.update.lastUpdat), ,[4a368cbe048641f587c23006ba4c7987]
Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 27/03/2015 um 16:15:41
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-26.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Horst - CONTROL
# Gestarted von : C:\Users\Horst\Desktop\AdwCleaner_4.113.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\iMesh Applications
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Horst\Qtrax
Ordner Gelöscht : C:\Users\Horst\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Horst\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Horst\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Horst\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\HoolappforAndroid
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\YourFileDownloader
Ordner Gelöscht : C:\Users\Horst\AppData\Roaming\Mipony
Ordner Gelöscht : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
Ordner Gelöscht : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni
Datei Gelöscht : C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\invalidprefs.js
Datei Gelöscht : C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\searchplugins\bingp.xml
***** [ Geplante Tasks ] *****
Task Gelöscht : Dealply
Task Gelöscht : DSite
Task Gelöscht : Hoolapp For Android
Task Gelöscht : Hoolapp Init
Task Gelöscht : QtraxPlayer
Task Gelöscht : Your File Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\d28d8ce03ab849
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3017DF27-5E32-4317-8740-14DD077E9CAD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CDC7C307-DCF2-456D-95AD-92C50F479D61}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\estdemin
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v36.0.4 (x86 en-US)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [5044 Bytes] - [27/03/2015 16:12:47]
AdwCleaner[S0].txt - [4966 Bytes] - [27/03/2015 16:15:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5025 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x86
Ran by Horst on 27.03.2015 at 16:21:11,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Users\Horst\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Horst\music\qtrax media library"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Horst\AppData\Roaming\mozilla\firefox\profiles\qlhpixjd.default\minidumps [85 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2015 at 16:25:58,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
31.03.2015, 21:39
| #11 |
| | Geräusche und Werbung laufen im Hintergrund. frst.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Horst (administrator) on CONTROL on 27-03-2015 16:29:12 Running from C:\Users\Horst\Desktop Loaded Profiles: Horst (Available profiles: Horst & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe () C:\Windows\System32\PnkBstrB.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Akamai Technologies, Inc.) C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-23] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {BBAC3AB6-0FC6-4DDE-9CDC-8DC5C74EBB06} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] () FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-143702537-521537602-2995010692-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Extension: Avira Browser Safety - C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\Extensions\abs@avira.com [2015-03-10] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187" CHR DefaultSearchKeyword: Default -> google.com_ CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Battlefield Heroes) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-07-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (The Walking Dead) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mldegbgicinanjcfknlopehddepkpial [2014-07-20] CHR Extension: (Google Wallet) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Steel Clash) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlndclfdjfdbdgkjghpmkahffaghldh [2014-07-20] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-23] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [282104 2014-07-11] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-02-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-02-04] (Avira Operations GmbH & Co. KG) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-02-04] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Horst\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-27 16:29 - 2015-03-27 16:29 - 00011069 _____ () C:\Users\Horst\Desktop\FRST.txt 2015-03-27 16:25 - 2015-03-27 16:25 - 00000999 _____ () C:\Users\Horst\Desktop\JRT.txt 2015-03-27 16:18 - 2015-03-27 16:18 - 00005105 _____ () C:\Users\Horst\Desktop\AdwCleaner[S0].txt 2015-03-27 16:12 - 2015-03-27 16:16 - 00000000 ____D () C:\AdwCleaner 2015-03-27 09:56 - 2015-03-27 09:56 - 00166643 _____ () C:\MBAM.txt 2015-03-27 09:16 - 2015-03-27 09:16 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-27 09:16 - 2015-03-27 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-27 09:15 - 2015-03-27 09:15 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-27 09:15 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-27 09:15 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-27 09:09 - 2015-03-27 09:09 - 01388782 _____ (Thisisu) C:\Users\Horst\Desktop\JRT.exe 2015-03-27 09:08 - 2015-03-27 09:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Horst\Desktop\mbam-setup-2.1.4.1018.exe 2015-03-27 09:08 - 2015-03-27 09:08 - 02168320 _____ () C:\Users\Horst\Desktop\AdwCleaner_4.113.exe 2015-03-26 09:44 - 2015-03-26 09:44 - 00012474 _____ () C:\ComboFix.txt 2015-03-26 09:30 - 2015-03-26 09:44 - 00000000 ____D () C:\Qoobox 2015-03-26 09:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-26 09:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-26 09:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-26 09:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-26 09:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-26 09:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-26 09:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-26 09:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-26 09:29 - 2015-03-26 09:43 - 00000000 ____D () C:\Windows\erdnt 2015-03-26 09:27 - 2015-03-26 09:27 - 05615749 ____R (Swearware) C:\Users\Horst\Desktop\ComboFix.exe 2015-03-25 14:19 - 2015-03-11 04:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 14:19 - 2015-03-11 04:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 14:19 - 2015-03-11 04:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 14:19 - 2015-03-11 04:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 14:19 - 2015-03-11 04:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 14:19 - 2015-03-11 04:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 14:19 - 2015-03-11 04:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 14:19 - 2015-03-11 04:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-25 12:34 - 2015-03-27 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-25 12:33 - 2015-03-27 16:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-25 12:33 - 2015-03-27 10:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-25 12:30 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-25 12:29 - 2015-03-25 12:29 - 01182149 _____ () C:\Users\Horst\Downloads\7z936.exe 2015-03-25 12:29 - 2015-03-25 12:29 - 00000000 ____D () C:\Users\Horst\Desktop\mbar-1.09.1.1004 2015-03-25 12:29 - 2015-03-25 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-03-25 12:29 - 2015-03-25 12:29 - 00000000 ____D () C:\Program Files\7-Zip 2015-03-25 12:22 - 2015-03-25 12:22 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Horst\Desktop\tdsskiller.exe 2015-03-25 12:20 - 2015-03-25 12:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Horst\Desktop\mbar-1.09.1.1004.exe 2015-03-25 12:16 - 2015-03-25 12:16 - 00001222 _____ () C:\Users\Horst\Desktop\Revo Uninstaller.lnk 2015-03-25 12:16 - 2015-03-25 12:16 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-25 12:15 - 2015-03-25 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Horst\Downloads\revosetup95.exe 2015-03-25 11:44 - 2015-03-25 11:44 - 00001722 _____ () C:\Users\Horst\Downloads\GMER.txt 2015-03-25 11:28 - 2015-03-25 11:28 - 00104960 _____ (GMER) C:\kxldqpow.sys 2015-03-25 11:20 - 2015-03-25 11:21 - 00032470 _____ () C:\Users\Horst\Downloads\Addition.txt 2015-03-25 11:19 - 2015-03-27 16:29 - 00000000 ____D () C:\FRST 2015-03-25 11:19 - 2015-03-25 11:21 - 00035870 _____ () C:\Users\Horst\Downloads\FRST.txt 2015-03-25 11:16 - 2015-03-25 11:16 - 00380416 _____ () C:\Users\Horst\Downloads\Gmer-19357.exe 2015-03-24 21:47 - 2015-03-24 21:47 - 00050994 _____ () C:\Users\Horst\AVSCAN-20150324-173027-9281AE55.LOG 2015-03-24 17:28 - 2015-03-24 17:28 - 01135104 _____ (Farbar) C:\Users\Horst\Desktop\FRST.exe 2015-03-24 17:27 - 2015-03-24 17:27 - 00000472 _____ () C:\Users\Horst\Downloads\defogger_disable.log 2015-03-24 17:27 - 2015-03-24 17:27 - 00000000 _____ () C:\Users\Horst\defogger_reenable 2015-03-24 17:25 - 2015-03-24 17:25 - 00050477 _____ () C:\Users\Horst\Downloads\Defogger.exe 2015-03-24 17:09 - 2015-03-27 16:17 - 00481768 _____ () C:\Windows\PFRO.log 2015-03-24 17:06 - 2015-03-24 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-24 16:40 - 2015-03-24 16:40 - 00000000 ____D () C:\OETemp 2015-03-24 16:31 - 2015-03-24 16:31 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\uwmtrncm 2015-03-22 19:13 - 2015-03-22 19:13 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ljrtmhgs 2015-03-21 20:07 - 2015-03-21 20:07 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\jlwgqiga 2015-03-20 16:51 - 2015-03-20 16:51 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dkznjdkn 2015-03-19 20:26 - 2015-03-19 20:26 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\xxxcowcb 2015-03-17 17:08 - 2015-03-17 17:08 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\anapqudk 2015-03-17 13:47 - 2015-03-17 13:47 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\olpkvwvv 2015-03-16 17:06 - 2015-03-16 17:06 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\jsvsfryq 2015-03-16 16:43 - 2015-03-16 16:43 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\qawldwoc 2015-03-15 20:26 - 2015-03-27 16:17 - 00001736 _____ () C:\Windows\setupact.log 2015-03-15 20:26 - 2015-03-15 20:26 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-15 19:45 - 2015-03-15 19:45 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\fitkpcsr 2015-03-13 20:28 - 2015-03-13 20:28 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\envwamoi 2015-03-11 08:43 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:43 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:43 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:43 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:43 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:43 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:43 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:43 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:43 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 08:43 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:43 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:43 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 08:43 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 08:43 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:43 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:43 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:43 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 08:43 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 08:43 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 08:43 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 08:43 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 08:43 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 08:43 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:43 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:43 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:43 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:43 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:43 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 08:43 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:43 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:43 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 08:43 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:43 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:43 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:41 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 08:41 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 08:41 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 08:41 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 08:41 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 08:41 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 08:41 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 08:41 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 08:41 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 08:41 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 08:41 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:41 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 08:41 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 08:41 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:41 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:41 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:40 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 08:40 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:40 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 08:40 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 08:40 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 08:40 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 08:40 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 08:40 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 08:40 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 08:40 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 08:40 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 08:40 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 08:40 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 08:40 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 08:40 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 08:40 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:40 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 08:40 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 08:40 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 22:52 - 2015-03-10 22:52 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dpzojlri 2015-03-10 07:46 - 2015-03-10 07:46 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\bofgqbau 2015-03-07 15:29 - 2015-03-07 15:29 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dlqjfxpy 2015-03-01 10:09 - 2015-03-01 10:09 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\cveopnbf 2015-03-01 10:03 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-28 22:20 - 2015-02-28 22:20 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\fyggtkvz ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-27 16:27 - 2009-07-14 05:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-27 16:27 - 2009-07-14 05:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-27 16:24 - 2011-08-25 12:43 - 01561837 _____ () C:\Windows\WindowsUpdate.log 2015-03-27 16:17 - 2013-05-15 09:49 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-27 16:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-27 16:15 - 2011-08-25 12:47 - 00000000 ____D () C:\Users\Horst 2015-03-27 16:04 - 2012-07-17 00:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-27 15:40 - 2013-05-15 09:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-27 15:04 - 2013-12-04 17:59 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA.job 2015-03-27 10:04 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\de-DE 2015-03-27 10:01 - 2012-12-10 02:15 - 00000000 ____D () C:\Users\Horst\AppData\Local\CRE 2015-03-26 18:04 - 2013-12-04 17:59 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core.job 2015-03-26 09:44 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-03-26 09:44 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-03-26 09:43 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-03-26 09:23 - 2014-12-12 16:01 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 09:23 - 2014-05-07 15:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-25 10:02 - 2013-05-09 10:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-24 20:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-03-24 16:55 - 2015-01-20 19:10 - 00000000 ____D () C:\$Windows.~BT 2015-03-24 16:46 - 2014-10-26 20:09 - 00000000 ____D () C:\Program Files\WarThunder 2015-03-24 16:45 - 2014-07-14 13:57 - 00000000 ____D () C:\Users\Horst\Steam 2015-03-24 16:45 - 2014-03-15 13:58 - 00000000 ____D () C:\Users\Horst\AppData\Local\Unity 2015-03-24 16:40 - 2015-02-14 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-24 16:40 - 2015-02-14 20:00 - 00000000 ____D () C:\ProgramData\Avira 2015-03-24 16:40 - 2015-02-14 20:00 - 00000000 ____D () C:\Program Files\Avira 2015-03-24 16:40 - 2014-08-06 10:51 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-24 16:39 - 2014-06-10 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-03-24 16:39 - 2014-05-30 07:38 - 00000000 ____D () C:\Program Files\Origin 2015-03-24 16:38 - 2014-05-30 07:38 - 00000000 ____D () C:\ProgramData\Origin 2015-03-24 16:37 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-24 16:34 - 2011-08-25 13:39 - 00000000 ____D () C:\Windows\Panther 2015-03-23 15:46 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Avira 2015-03-21 19:36 - 2013-05-15 09:50 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-13 14:41 - 2014-01-17 18:17 - 02346993 _____ () C:\Users\Horst\Downloads\TechnicLauncher (1).exe 2015-03-13 14:40 - 2014-01-14 13:59 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\.technic 2015-03-12 08:24 - 2009-07-14 05:33 - 00280264 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 08:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-12 08:15 - 2013-08-15 13:28 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 08:05 - 2011-08-25 13:08 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-10 16:09 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-06-10 18:45 - 2014-07-11 11:22 - 0138056 _____ () C:\Users\Horst\AppData\Roaming\PnkBstrK.sys 2013-07-29 17:59 - 2014-10-23 12:24 - 0000089 _____ () C:\Users\Horst\AppData\Roaming\WB.CFG 2013-07-31 13:19 - 2014-01-03 05:40 - 0000005 _____ () C:\Users\Horst\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-07-29 17:59 - 2014-01-31 02:41 - 0000005 _____ () C:\Users\Horst\AppData\Roaming\WBPU-TTL.DAT Files to move or delete: ==================== C:\Users\Horst\jagex_cl_runescape_LIVE.dat C:\Users\Horst\libeay32.dll C:\Users\Horst\msvcp110.dll C:\Users\Horst\msvcr110.dll C:\Users\Horst\Qt5Core.dll C:\Users\Horst\Qt5Gui.dll C:\Users\Horst\Qt5Network.dll C:\Users\Horst\Qt5Sql.dll C:\Users\Horst\Qt5Widgets.dll C:\Users\Horst\ssleay32.dll Some content of TEMP: ==================== C:\Users\Horst\AppData\Local\temp\avgnt.exe C:\Users\Horst\AppData\Local\temp\Quarantine.exe C:\Users\Horst\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 10:24 ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Horst at 2015-03-27 16:30:02
Running from C:\Users\Horst\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.36 beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.502 - Avira Operations GmbH & Co. KG)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 5.7.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Horst\AppData\Roaming\uwmtrncm\colers.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Horst\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Horst\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Horst\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-143702537-521537602-2995010692-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Horst\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
24-03-2015 16:31:32 Windows Update
25-03-2015 12:17:04 Revo Uninstaller's restore point - Update for Image Editor
25-03-2015 12:19:13 Revo Uninstaller's restore point - Update for Zip Opener
25-03-2015 17:47:26 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2015-03-26 09:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1AF57493-ECC1-4C3F-8EB2-3F7529998F96} - System32\Tasks\{B01BF3FE-4D0F-4012-983E-3E80F9C32263} => pcalua.exe -a C:\Users\Horst\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {1B389032-6FC5-42BD-9D73-DA10B563CDE0} - System32\Tasks\{6369C025-2599-425D-B9D6-25CC92766567} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.2.0.106/pl/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {630A5B52-A9BD-4F3D-961A-120248423B1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {9579F568-C4BB-41A6-B8E7-F7F9D2ED0599} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {AFABA366-ADEB-4832-AA39-DAC4A9870B4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {B76CD957-9487-4D14-97CC-F05CD1DE7B2D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-04] (Facebook Inc.)
Task: {D2089729-833A-44ED-B915-1F0A2856741D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-04] (Facebook Inc.)
Task: {DE87EC71-49C8-4744-92ED-A1913D41B0C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core.job => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA.job => C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-06-10 18:45 - 2014-07-11 18:16 - 00282104 _____ () C:\Windows\system32\PnkBstrB.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-143702537-521537602-2995010692-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
==================== Accounts: =============================
Administrator (S-1-5-21-143702537-521537602-2995010692-500 - Administrator - Disabled)
Gast (S-1-5-21-143702537-521537602-2995010692-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-143702537-521537602-2995010692-1002 - Limited - Enabled)
Horst (S-1-5-21-143702537-521537602-2995010692-1001 - Administrator - Enabled) => C:\Users\Horst
==================== Faulty Device Manager Devices =============
Name: Ericsson F3507g Mobile Broadband Minicard Composite Device
Description: Ericsson F3507g Mobile Broadband Minicard Composite Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 3037.3 MB
Available physical RAM: 2142.54 MB
Total Pagefile: 6072.89 MB
Available Pagefile: 4763.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:112.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 119DBBCC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
01.04.2015, 08:49
| #12 |
| /// the machine /// TB-Ausbilder | Geräusche und Werbung laufen im Hintergrund.ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.04.2015, 22:02
| #13 |
| | Geräusche und Werbung laufen im Hintergrund. Eset Log Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=efdf59d7e060af418314517e65384df3
# engine=23193
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-01 08:44:19
# local_time=2015-04-01 10:44:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3986488 179552250 0 0
# scanned=207031
# found=30
# cleaned=0
# scan_time=9039
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\LocalLow\Winload\ldrtbWinl.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\LocalLow\Winload\tbWinl.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\anapqudk\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\bmmbuabo\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\bofgqbau\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\cveopnbf\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\dkznjdkn\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\dlqjfxpy\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\dpzojlri\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\envwamoi\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\fyggtkvz\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\jlwgqiga\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\jnwqrctf\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\jsvsfryq\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\lhwjgmds\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\ljrtmhgs\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\nlvsjqyi\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\nsfrsank\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\olpkvwvv\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\qawldwoc\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\ttzakiju\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\uwmtrncm\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\wsvgnmpi\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\wwqhiwsw\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\xxxcowcb\colers.dll"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Horst\AppData\Roaming\yntknacf\colers.dll"
sh=E76B7B1E21BA8246705AA65F60631D46116A7FCE ft=1 fh=b6434b447d05deba vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Horst\Downloads\Misa's-Realistic-HD-Texture-Pack-lnstall.exe"
sh=B2E1B908C34CBAE62FCA88AAEE4DCC828B286AD7 ft=1 fh=18cb87d6996291ef vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Horst\Downloads\Setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="${Memory}"
Code:
ATTFilter Results of screen317's Security Check version 0.99.99 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 71 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.305 Flash Player out of Date! Adobe Reader 10.1.11 Adobe Reader out of Date! Mozilla Firefox (36.0.4) Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Horst (administrator) on CONTROL on 01-04-2015 22:57:10 Running from C:\Users\Horst\Desktop Loaded Profiles: Horst (Available profiles: Horst & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Akamai Technologies, Inc.) C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe () C:\Windows\System32\PnkBstrB.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Horst\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-143702537-521537602-2995010692-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-02-09] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-143702537-521537602-2995010692-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-143702537-521537602-2995010692-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> DefaultScope {BBAC3AB6-0FC6-4DDE-9CDC-8DC5C74EBB06} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-143702537-521537602-2995010692-1001 -> {BBAC3AB6-0FC6-4DDE-9CDC-8DC5C74EBB06} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] () FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-143702537-521537602-2995010692-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Extension: Avira Browser Safety - C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\qlhpixjd.default\Extensions\abs@avira.com [2015-03-31] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419775398&from=amt&uid=WDCXWD2500BEVS-08VAT2_WD-WX70A59U5187U5187" CHR DefaultSearchKeyword: Default -> google.com_ CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Battlefield Heroes) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-07-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (The Walking Dead) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mldegbgicinanjcfknlopehddepkpial [2014-07-20] CHR Extension: (Google Wallet) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Steel Clash) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlndclfdjfdbdgkjghpmkahffaghldh [2014-07-20] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [282104 2014-07-11] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-02-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-02-04] (Avira Operations GmbH & Co. KG) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-02-04] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Horst\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-01 22:55 - 2015-04-01 22:55 - 00001134 _____ () C:\Users\Horst\Desktop\checkup.txt 2015-04-01 22:51 - 2015-04-01 22:51 - 00852607 _____ () C:\Users\Horst\Desktop\SecurityCheck.exe 2015-04-01 20:05 - 2015-04-01 20:05 - 02347384 _____ (ESET) C:\Users\Horst\Desktop\esetsmartinstaller_deu.exe 2015-03-31 22:13 - 2015-03-31 22:13 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ttzakiju 2015-03-27 17:46 - 2015-03-27 17:46 - 01877056 _____ () C:\Users\Horst\Downloads\wrar521d.exe 2015-03-27 17:46 - 2015-03-27 17:46 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\WinRAR 2015-03-27 17:46 - 2015-03-27 17:46 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-27 17:46 - 2015-03-27 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-27 17:46 - 2015-03-27 17:46 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-27 17:41 - 2015-03-27 17:42 - 06899878 _____ () C:\Users\Horst\Downloads\VORSCHAU.rar 2015-03-27 17:30 - 2015-03-27 17:30 - 00015766 _____ () C:\Users\Horst\Desktop\Addition.txt 2015-03-27 17:29 - 2015-04-01 22:57 - 00011678 _____ () C:\Users\Horst\Desktop\FRST.txt 2015-03-27 17:25 - 2015-03-27 17:25 - 00000999 _____ () C:\Users\Horst\Desktop\JRT.txt 2015-03-27 17:18 - 2015-03-27 17:18 - 00005105 _____ () C:\Users\Horst\Desktop\AdwCleaner[S0].txt 2015-03-27 17:12 - 2015-03-27 17:16 - 00000000 ____D () C:\AdwCleaner 2015-03-27 10:56 - 2015-03-27 10:56 - 00166643 _____ () C:\MBAM.txt 2015-03-27 10:20 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-03-27 10:20 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-03-27 10:20 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-03-27 10:20 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-03-27 10:16 - 2015-03-27 10:16 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-27 10:16 - 2015-03-27 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-27 10:15 - 2015-03-27 10:15 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-27 10:15 - 2015-03-17 07:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-27 10:15 - 2015-03-17 07:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-27 10:09 - 2015-03-27 10:09 - 01388782 _____ (Thisisu) C:\Users\Horst\Desktop\JRT.exe 2015-03-27 10:08 - 2015-03-27 10:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Horst\Desktop\mbam-setup-2.1.4.1018.exe 2015-03-27 10:08 - 2015-03-27 10:08 - 02168320 _____ () C:\Users\Horst\Desktop\AdwCleaner_4.113.exe 2015-03-26 10:44 - 2015-03-26 10:44 - 00012474 _____ () C:\ComboFix.txt 2015-03-26 10:30 - 2015-03-26 10:44 - 00000000 ____D () C:\Qoobox 2015-03-26 10:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-26 10:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-26 10:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-26 10:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-26 10:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-26 10:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-26 10:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-26 10:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-26 10:29 - 2015-03-26 10:43 - 00000000 ____D () C:\Windows\erdnt 2015-03-26 10:27 - 2015-03-26 10:27 - 05615749 ____R (Swearware) C:\Users\Horst\Desktop\ComboFix.exe 2015-03-25 15:19 - 2015-03-11 05:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 15:19 - 2015-03-11 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 15:19 - 2015-03-11 05:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 15:19 - 2015-03-11 05:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 15:19 - 2015-03-11 05:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 15:19 - 2015-03-11 05:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 15:19 - 2015-03-11 05:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 15:19 - 2015-03-11 05:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-25 13:34 - 2015-03-27 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-25 13:33 - 2015-04-01 22:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-25 13:33 - 2015-03-27 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-25 13:30 - 2015-03-17 07:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-25 13:29 - 2015-03-25 13:29 - 01182149 _____ () C:\Users\Horst\Downloads\7z936.exe 2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () C:\Users\Horst\Desktop\mbar-1.09.1.1004 2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () C:\Program Files\7-Zip 2015-03-25 13:22 - 2015-03-25 13:22 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Horst\Desktop\tdsskiller.exe 2015-03-25 13:20 - 2015-03-25 13:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Horst\Desktop\mbar-1.09.1.1004.exe 2015-03-25 13:16 - 2015-03-25 13:16 - 00001222 _____ () C:\Users\Horst\Desktop\Revo Uninstaller.lnk 2015-03-25 13:16 - 2015-03-25 13:16 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-25 13:15 - 2015-03-25 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Horst\Downloads\revosetup95.exe 2015-03-25 12:44 - 2015-03-25 12:44 - 00001722 _____ () C:\Users\Horst\Downloads\GMER.txt 2015-03-25 12:28 - 2015-03-25 12:28 - 00104960 _____ (GMER) C:\kxldqpow.sys 2015-03-25 12:20 - 2015-03-25 12:21 - 00032470 _____ () C:\Users\Horst\Downloads\Addition.txt 2015-03-25 12:19 - 2015-04-01 22:57 - 00000000 ____D () C:\FRST 2015-03-25 12:19 - 2015-03-25 12:21 - 00035870 _____ () C:\Users\Horst\Downloads\FRST.txt 2015-03-25 12:16 - 2015-03-25 12:16 - 00380416 _____ () C:\Users\Horst\Downloads\Gmer-19357.exe 2015-03-24 22:47 - 2015-03-24 22:47 - 00050994 _____ () C:\Users\Horst\AVSCAN-20150324-173027-9281AE55.LOG 2015-03-24 18:28 - 2015-03-24 18:28 - 01135104 _____ (Farbar) C:\Users\Horst\Desktop\FRST.exe 2015-03-24 18:27 - 2015-03-24 18:27 - 00000472 _____ () C:\Users\Horst\Downloads\defogger_disable.log 2015-03-24 18:27 - 2015-03-24 18:27 - 00000000 _____ () C:\Users\Horst\defogger_reenable 2015-03-24 18:25 - 2015-03-24 18:25 - 00050477 _____ () C:\Users\Horst\Downloads\Defogger.exe 2015-03-24 18:09 - 2015-03-27 17:17 - 00481768 _____ () C:\Windows\PFRO.log 2015-03-24 18:06 - 2015-03-24 18:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-24 17:40 - 2015-03-24 17:40 - 00000000 ____D () C:\OETemp 2015-03-24 17:31 - 2015-03-24 17:31 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\uwmtrncm 2015-03-22 20:13 - 2015-03-22 20:13 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ljrtmhgs 2015-03-21 21:07 - 2015-03-21 21:07 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\jlwgqiga 2015-03-20 17:51 - 2015-03-20 17:51 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dkznjdkn 2015-03-19 21:26 - 2015-03-19 21:26 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\xxxcowcb 2015-03-17 18:08 - 2015-03-17 18:08 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\anapqudk 2015-03-17 14:47 - 2015-03-17 14:47 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\olpkvwvv 2015-03-16 18:06 - 2015-03-16 18:06 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\jsvsfryq 2015-03-16 17:43 - 2015-03-16 17:43 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\qawldwoc 2015-03-15 21:26 - 2015-04-01 20:04 - 00003819 _____ () C:\Windows\setupact.log 2015-03-15 21:26 - 2015-03-15 21:26 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-15 20:45 - 2015-03-15 20:45 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\fitkpcsr 2015-03-13 21:28 - 2015-03-13 21:28 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\envwamoi 2015-03-11 09:43 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 09:43 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 09:43 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:43 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:43 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:43 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:43 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:43 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:43 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 09:43 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:43 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 09:43 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 09:43 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 09:43 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:43 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:43 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 09:43 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 09:43 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 09:43 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 09:43 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 09:43 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 09:43 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 09:43 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 09:43 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:43 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:43 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:43 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 09:43 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 09:43 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:43 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:43 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 09:43 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:43 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 09:43 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 09:41 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 09:41 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 09:41 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 09:41 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 09:41 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 09:41 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 09:41 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 09:41 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 09:41 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 09:41 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 09:41 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 09:41 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 09:41 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 09:41 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 09:41 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 09:41 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 09:40 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 09:40 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 09:40 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 09:40 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 09:40 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 09:40 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 09:40 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 09:40 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 09:40 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 09:40 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 09:40 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 09:40 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 09:40 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 09:40 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 09:40 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 09:40 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 09:40 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 09:40 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 09:40 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 23:52 - 2015-03-10 23:52 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dpzojlri 2015-03-10 08:46 - 2015-03-10 08:46 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\bofgqbau 2015-03-07 16:29 - 2015-03-07 16:29 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dlqjfxpy ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-01 22:44 - 2011-08-25 13:43 - 01742770 _____ () C:\Windows\WindowsUpdate.log 2015-04-01 22:17 - 2013-05-15 10:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-01 22:04 - 2012-07-17 01:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-01 21:04 - 2013-12-04 18:59 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001UA.job 2015-04-01 20:08 - 2011-08-25 13:53 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-01 20:04 - 2013-05-15 10:49 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-01 19:59 - 2013-12-04 18:59 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-143702537-521537602-2995010692-1001Core.job 2015-04-01 10:50 - 2009-07-14 06:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-01 10:50 - 2009-07-14 06:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-01 10:40 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-29 18:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-29 18:12 - 2013-02-24 21:00 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Skype 2015-03-27 21:54 - 2014-01-17 19:17 - 04629928 _____ () C:\Users\Horst\Downloads\TechnicLauncher (1).exe 2015-03-27 21:53 - 2014-01-14 14:59 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\.technic 2015-03-27 17:43 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-03-27 17:15 - 2011-08-25 13:47 - 00000000 ____D () C:\Users\Horst 2015-03-27 11:04 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\de-DE 2015-03-27 11:01 - 2012-12-10 03:15 - 00000000 ____D () C:\Users\Horst\AppData\Local\CRE 2015-03-26 10:44 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2015-03-26 10:44 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2015-03-26 10:43 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2015-03-26 10:23 - 2014-12-12 17:01 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 10:23 - 2014-05-07 16:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-25 11:02 - 2013-05-09 11:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-24 21:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-03-24 17:55 - 2015-01-20 20:10 - 00000000 ____D () C:\$Windows.~BT 2015-03-24 17:46 - 2014-10-26 21:09 - 00000000 ____D () C:\Program Files\WarThunder 2015-03-24 17:45 - 2014-07-14 14:57 - 00000000 ____D () C:\Users\Horst\Steam 2015-03-24 17:45 - 2014-03-15 14:58 - 00000000 ____D () C:\Users\Horst\AppData\Local\Unity 2015-03-24 17:40 - 2015-02-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-24 17:40 - 2015-02-14 21:00 - 00000000 ____D () C:\ProgramData\Avira 2015-03-24 17:40 - 2015-02-14 21:00 - 00000000 ____D () C:\Program Files\Avira 2015-03-24 17:40 - 2014-08-06 11:51 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-24 17:39 - 2014-06-10 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-03-24 17:39 - 2014-05-30 08:38 - 00000000 ____D () C:\Program Files\Origin 2015-03-24 17:38 - 2014-05-30 08:38 - 00000000 ____D () C:\ProgramData\Origin 2015-03-24 17:37 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-24 17:34 - 2011-08-25 14:39 - 00000000 ____D () C:\Windows\Panther 2015-03-23 16:46 - 2015-02-15 19:40 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Avira 2015-03-21 20:36 - 2013-05-15 10:50 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-12 09:24 - 2009-07-14 06:33 - 00280264 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 09:15 - 2013-08-15 14:28 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 09:05 - 2011-08-25 14:08 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-10 17:09 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-06-10 19:45 - 2014-07-11 12:22 - 0138056 _____ () C:\Users\Horst\AppData\Roaming\PnkBstrK.sys 2013-07-29 18:59 - 2014-10-23 13:24 - 0000089 _____ () C:\Users\Horst\AppData\Roaming\WB.CFG 2013-07-31 14:19 - 2014-01-03 06:40 - 0000005 _____ () C:\Users\Horst\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-07-29 18:59 - 2014-01-31 03:41 - 0000005 _____ () C:\Users\Horst\AppData\Roaming\WBPU-TTL.DAT Files to move or delete: ==================== C:\Users\Horst\jagex_cl_runescape_LIVE.dat C:\Users\Horst\libeay32.dll C:\Users\Horst\msvcp110.dll C:\Users\Horst\msvcr110.dll C:\Users\Horst\Qt5Core.dll C:\Users\Horst\Qt5Gui.dll C:\Users\Horst\Qt5Network.dll C:\Users\Horst\Qt5Sql.dll C:\Users\Horst\Qt5Widgets.dll C:\Users\Horst\ssleay32.dll Some content of TEMP: ==================== C:\Users\Horst\AppData\Local\temp\avgnt.exe C:\Users\Horst\AppData\Local\temp\Quarantine.exe C:\Users\Horst\AppData\Local\temp\SkypeSetup.exe C:\Users\Horst\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 11:24 ==================== End Of Log ============================ |
|
02.04.2015, 10:16
| #14 |
| /// the machine /// TB-Ausbilder | Geräusche und Werbung laufen im Hintergrund. Java, Flash und Adobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir
C:\Users\Gast\AppData\LocalLow\Winload
C:\Users\Horst\AppData\Roaming\anapqudk
C:\Users\Horst\AppData\Roaming\bmmbuabo
C:\Users\Horst\AppData\Roaming\bofgqbau
C:\Users\Horst\AppData\Roaming\cveopnbf
C:\Users\Horst\AppData\Roaming\dkznjdkn
C:\Users\Horst\AppData\Roaming\dlqjfxpy
C:\Users\Horst\AppData\Roaming\dpzojlri
C:\Users\Horst\AppData\Roaming\envwamoi
C:\Users\Horst\AppData\Roaming\fyggtkvz
C:\Users\Horst\AppData\Roaming\jlwgqiga
C:\Users\Horst\AppData\Roaming\jnwqrctf
C:\Users\Horst\AppData\Roaming\jsvsfryq
C:\Users\Horst\AppData\Roaming\lhwjgmds
C:\Users\Horst\AppData\Roaming\ljrtmhgs
C:\Users\Horst\AppData\Roaming\nlvsjqyi
C:\Users\Horst\AppData\Roaming\nsfrsank
C:\Users\Horst\AppData\Roaming\olpkvwvv
C:\Users\Horst\AppData\Roaming\qawldwoc
C:\Users\Horst\AppData\Roaming\ttzakiju
C:\Users\Horst\AppData\Roaming\uwmtrncm
C:\Users\Horst\AppData\Roaming\wsvgnmpi
C:\Users\Horst\AppData\Roaming\wwqhiwsw
C:\Users\Horst\AppData\Roaming\xxxcowcb
C:\Users\Horst\AppData\Roaming\yntknacf
C:\Users\Horst\Downloads\Misa's-Realistic-HD-Texture-Pack-lnstall.exe
C:\Users\Horst\Downloads\Setup.exe
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.04.2015, 14:12
| #15 |
| | Geräusche und Werbung laufen im Hintergrund. Hallo Schrauber, sorry das es länger gedauert hat aber die Ostertage waren sehr beschäftigt. Hier das fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Horst at 2015-04-07 15:02:57 Run:1
Running from C:\Users\Horst\Desktop
Loaded Profiles: Horst (Available profiles: Horst & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir
C:\Users\Gast\AppData\LocalLow\Winload
C:\Users\Horst\AppData\Roaming\anapqudk
C:\Users\Horst\AppData\Roaming\bmmbuabo
C:\Users\Horst\AppData\Roaming\bofgqbau
C:\Users\Horst\AppData\Roaming\cveopnbf
C:\Users\Horst\AppData\Roaming\dkznjdkn
C:\Users\Horst\AppData\Roaming\dlqjfxpy
C:\Users\Horst\AppData\Roaming\dpzojlri
C:\Users\Horst\AppData\Roaming\envwamoi
C:\Users\Horst\AppData\Roaming\fyggtkvz
C:\Users\Horst\AppData\Roaming\jlwgqiga
C:\Users\Horst\AppData\Roaming\jnwqrctf
C:\Users\Horst\AppData\Roaming\jsvsfryq
C:\Users\Horst\AppData\Roaming\lhwjgmds
C:\Users\Horst\AppData\Roaming\ljrtmhgs
C:\Users\Horst\AppData\Roaming\nlvsjqyi
C:\Users\Horst\AppData\Roaming\nsfrsank
C:\Users\Horst\AppData\Roaming\olpkvwvv
C:\Users\Horst\AppData\Roaming\qawldwoc
C:\Users\Horst\AppData\Roaming\ttzakiju
C:\Users\Horst\AppData\Roaming\uwmtrncm
C:\Users\Horst\AppData\Roaming\wsvgnmpi
C:\Users\Horst\AppData\Roaming\wwqhiwsw
C:\Users\Horst\AppData\Roaming\xxxcowcb
C:\Users\Horst\AppData\Roaming\yntknacf
C:\Users\Horst\Downloads\Misa's-Realistic-HD-Texture-Pack-lnstall.exe
C:\Users\Horst\Downloads\Setup.exe
Emptytemp:
*****************
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir => Moved successfully.
C:\Users\Gast\AppData\LocalLow\Winload => Moved successfully.
C:\Users\Horst\AppData\Roaming\anapqudk => Moved successfully.
C:\Users\Horst\AppData\Roaming\bmmbuabo => Moved successfully.
C:\Users\Horst\AppData\Roaming\bofgqbau => Moved successfully.
C:\Users\Horst\AppData\Roaming\cveopnbf => Moved successfully.
C:\Users\Horst\AppData\Roaming\dkznjdkn => Moved successfully.
C:\Users\Horst\AppData\Roaming\dlqjfxpy => Moved successfully.
C:\Users\Horst\AppData\Roaming\dpzojlri => Moved successfully.
C:\Users\Horst\AppData\Roaming\envwamoi => Moved successfully.
C:\Users\Horst\AppData\Roaming\fyggtkvz => Moved successfully.
C:\Users\Horst\AppData\Roaming\jlwgqiga => Moved successfully.
C:\Users\Horst\AppData\Roaming\jnwqrctf => Moved successfully.
C:\Users\Horst\AppData\Roaming\jsvsfryq => Moved successfully.
C:\Users\Horst\AppData\Roaming\lhwjgmds => Moved successfully.
C:\Users\Horst\AppData\Roaming\ljrtmhgs => Moved successfully.
C:\Users\Horst\AppData\Roaming\nlvsjqyi => Moved successfully.
C:\Users\Horst\AppData\Roaming\nsfrsank => Moved successfully.
C:\Users\Horst\AppData\Roaming\olpkvwvv => Moved successfully.
C:\Users\Horst\AppData\Roaming\qawldwoc => Moved successfully.
C:\Users\Horst\AppData\Roaming\ttzakiju => Moved successfully.
C:\Users\Horst\AppData\Roaming\uwmtrncm => Moved successfully.
C:\Users\Horst\AppData\Roaming\wsvgnmpi => Moved successfully.
C:\Users\Horst\AppData\Roaming\wwqhiwsw => Moved successfully.
C:\Users\Horst\AppData\Roaming\xxxcowcb => Moved successfully.
C:\Users\Horst\AppData\Roaming\yntknacf => Moved successfully.
"C:\Users\Horst\Downloads\Misa's-Realistic-HD-Texture-Pack-lnstall.exe" => File/Directory not found.
C:\Users\Horst\Downloads\Setup.exe => Moved successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 15:05:41 ====
|
|
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
