
Pests of all kinds and how to fight them: Constant ad pop-ups - probably caught a trojan?

Windows 7

08.07.2014, 00:14   #1
Kagami-Kun
 



Well, how should I start..
It really only happens in Firefox. For about 3 weeks, ad pages have been opening on every second click. Other sites, e.g. YouTube, are full of ads. The PC lags a bit, pages load more slowly than before. I have had my antivirus run a check several times, but it shows nothing. I haven't done any other scans so far. I'm also not particularly knowledgeable about this, so everything would really have to be explained to me from scratch. It would be great if someone could help me. Many thanks in advance.

08.07.2014, 05:57   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


10.07.2014, 17:48   #3
Kagami-Kun
 



So, first of all, sorry for the late reply. Since the PC has been acting up, I hardly turn it on.
I'm not sure whether I did it right, but I hope so. ;_;




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Tammy (administrator) on ADMIN on 10-07-2014 15:16:01
Running from C:\Users\Tammy\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [240992 2009-11-16] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1567794981-3600654592-3206697278-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1567794981-3600654592-3206697278-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jt&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=ME054AAE0-7720-4DC6-A3CC-B65F1FDE58AE&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.16.112.21 217.16.112.22

FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-9.6 - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\Extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com [2014-06-28]
FF Extension: Fast Start - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\Extensions\faststartff@gmail.com [2014-07-06]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\Extensions\staged [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com [2014-07-06]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-21]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Freemake Video Downloader) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-06-07]
CHR Extension: (Google-Suche) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-15]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-06-07]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-15]
CHR Extension: (Virtual Keyboard) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Google Mail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR Extension: (Extutil) - C:\Users\Tammy\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-06-06]
CHR Extension: (Managera) - C:\Users\Tammy\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-07]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-06-07]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-04] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-04] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-15] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-15] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 15:16 - 2014-07-10 15:16 - 00034338 _____ () C:\Users\Tammy\Downloads\FRST.txt
2014-07-08 17:06 - 2014-07-08 17:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-07-08 15:07 - 2014-07-08 15:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-08 15:05 - 2014-07-08 15:05 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-08 15:03 - 2014-07-08 15:03 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 14:38 - 2014-07-08 14:38 - 00010027 _____ () C:\Users\Tammy\Desktop\bookmarks-2014-07-08.json
2014-07-08 14:31 - 2014-07-08 14:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 14:30 - 2014-07-08 14:30 - 06263496 _____ (TeamViewer GmbH) C:\Users\Tammy\Downloads\TeamViewer_Setup_de-ckc(1).exe
2014-07-08 14:25 - 2014-07-10 15:16 - 00000000 ____D () C:\FRST
2014-07-08 14:23 - 2014-07-08 14:23 - 02084352 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2014-07-05 10:50 - 2014-07-05 10:50 - 00286324 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-07-04 16:27 - 2014-07-04 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView
2014-07-04 16:14 - 2014-07-04 16:14 - 00289428 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-07-04 16:14 - 2014-07-04 16:14 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-04 15:28 - 2014-07-08 14:43 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
2014-07-04 15:28 - 2014-07-04 15:30 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
2014-07-04 15:28 - 2014-07-04 15:30 - 00000000 ____D () C:\Users\Tammy\AppData\Local\PriceMeter
2014-07-04 15:28 - 2014-07-04 15:28 - 06252036 _____ () C:\Users\Tammy\Downloads\paint.net.4.0.install.zip
2014-07-04 15:28 - 2014-07-04 15:28 - 00003286 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-07-04 15:27 - 2014-07-04 15:27 - 00558912 _____ () C:\Users\Tammy\Downloads\paint net setup.exe
2014-07-04 15:24 - 2014-07-07 19:53 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\IrfanView
2014-07-04 15:24 - 2014-07-07 19:53 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-04 15:23 - 2014-07-04 15:23 - 02197648 _____ (Irfan Skiljan) C:\Users\Tammy\Downloads\iview438g_setup.exe
2014-07-03 18:10 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\WEBREG
2014-07-03 18:09 - 2014-07-03 18:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\HP
2014-07-03 18:06 - 2014-07-03 18:06 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-07-03 18:04 - 2014-07-03 18:04 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-07-03 18:04 - 2014-07-03 18:04 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-07-03 18:03 - 2014-07-03 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 18:02 - 2010-01-20 20:03 - 01412224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04h.dll
2014-07-03 18:02 - 2010-01-20 20:03 - 01179776 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04h.dll
2014-07-03 18:02 - 2010-01-20 20:03 - 00525440 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll
2014-07-03 18:01 - 2010-01-20 20:03 - 00643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-07-03 18:01 - 2010-01-06 14:33 - 00138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll
2014-07-03 18:00 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-03 17:59 - 2014-07-03 18:10 - 00192758 _____ () C:\Windows\hpoins51.dat
2014-07-03 17:59 - 2014-07-03 18:10 - 00000782 _____ () C:\ProgramData\hpzinstall.log
2014-07-03 17:58 - 2014-07-03 18:09 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 16:52 - 2014-07-03 16:52 - 00094365 _____ () C:\Users\User\Documents\lkghöfg.xps
2014-07-03 16:50 - 2014-07-03 16:50 - 00672392 _____ () C:\Users\User\Documents\sfokjsd.xps
2014-07-03 16:47 - 2014-07-03 16:47 - 00094365 _____ () C:\Users\User\Documents\mario.xps
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-29 20:18 - 2014-06-29 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-06-29 15:43 - 2014-06-30 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-06-29 15:43 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-06-28 15:12 - 2014-06-28 15:12 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\AVG2014
2014-06-28 15:11 - 2014-07-01 18:10 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-28 15:11 - 2014-07-01 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-28 15:11 - 2014-06-28 15:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ___HD () C:\$AVG
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-28 15:04 - 2014-07-10 15:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-28 15:04 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Avg2014
2014-06-28 15:04 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\MFAData
2014-06-28 15:01 - 2014-06-28 15:02 - 155080296 _____ (AVG Technologies) C:\Users\Tammy\Downloads\avg_free_x86_all_2014_4714a7694.exe
2014-06-28 15:00 - 2014-07-04 15:30 - 00002320 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-28 14:57 - 2014-07-04 15:32 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-06-28 14:57 - 2014-06-28 14:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\dlg
2014-06-28 14:56 - 2014-06-28 15:08 - 00000000 ____D () C:\Program Files (x86)\WinSecurity
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-06-20 20:22 - 2014-06-28 15:55 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Winamp
2014-06-20 15:41 - 2014-06-28 17:05 - 00000000 ____D () C:\Users\Tammy\Desktop\2c Spaken
2014-06-19 19:24 - 2014-07-08 14:43 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-19 19:24 - 2014-06-19 19:24 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-19 19:24 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-06-19 19:23 - 2014-06-19 19:24 - 02143832 _____ () C:\Users\Tammy\Downloads\instsf449.exe
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Program Files\CPUID
2014-06-19 19:15 - 2014-06-19 19:15 - 01141408 _____ ( ) C:\Users\Tammy\Downloads\hwmonitor_1.25-setup.exe
2014-06-19 19:09 - 2014-06-13 20:51 - 00000030 _____ () C:\AVScanner.ini
2014-06-19 13:31 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-15 22:30 - 2014-06-15 22:31 - 00000000 ____D () C:\Users\User\Desktop\mama
2014-06-13 20:54 - 2014-06-13 20:54 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-06-13 20:51 - 2014-06-19 19:09 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-13 20:51 - 2014-06-13 20:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-12 16:51 - 2014-06-12 16:51 - 01058200 _____ (Adobe) C:\Users\Tammy\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-06-11 18:53 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:53 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:53 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:53 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:53 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:53 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:53 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:53 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:53 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:53 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:53 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:53 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:53 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:53 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 18:53 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:53 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:53 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:53 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 18:53 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:53 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:53 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:53 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 18:53 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:53 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 18:53 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 18:53 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 18:53 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:53 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 18:53 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 18:53 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 18:53 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:53 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 18:53 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 18:53 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:53 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:53 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 18:53 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 18:53 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 18:53 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 18:53 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 18:53 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 18:53 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:53 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 18:53 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 18:53 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 18:53 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:53 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 18:53 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:53 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 18:53 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 18:53 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 18:53 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 18:53 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 18:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 18:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 18:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 18:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 18:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 18:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 18:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 18:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 18:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 18:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 18:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 18:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 16:50 - 2014-06-10 16:50 - 02175409 _____ () C:\Users\Tammy\Downloads\Tschad PP.pptx

==================== One Month Modified Files and Folders =======

2014-07-10 15:16 - 2014-07-10 15:16 - 00034338 _____ () C:\Users\Tammy\Downloads\FRST.txt
2014-07-10 15:16 - 2014-07-08 14:25 - 00000000 ____D () C:\FRST
2014-07-10 15:16 - 2014-03-15 18:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-10 15:14 - 2014-03-15 16:29 - 01188744 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 15:12 - 2014-03-15 19:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 15:06 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-10 15:06 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-10 15:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 15:02 - 2014-03-16 18:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Skype
2014-07-10 15:01 - 2014-06-28 15:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-10 15:00 - 2014-06-09 13:20 - 00002774 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-3.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00002194 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-4.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00001408 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-5.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00001404 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-6.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00001402 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00001336 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-7.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00001328 _____ () C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-2.job
2014-07-10 15:00 - 2014-06-09 13:20 - 00000928 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-10 15:00 - 2014-03-15 17:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 15:00 - 2014-03-15 16:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-10 15:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 15:00 - 2009-07-14 06:51 - 00088768 _____ () C:\Windows\setupact.log
2014-07-10 14:59 - 2014-03-15 17:42 - 00226360 _____ () C:\Windows\PFRO.log
2014-07-09 19:48 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 19:48 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 18:58 - 2014-03-15 17:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 17:12 - 2014-03-15 19:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 17:12 - 2014-03-15 19:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 17:12 - 2014-03-15 19:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 17:09 - 2014-03-15 22:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 16:59 - 2014-06-09 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 17:07 - 2014-03-15 19:15 - 00111832 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 17:06 - 2014-07-08 17:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-07-08 17:04 - 2009-07-14 06:45 - 00436408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 15:33 - 2014-06-09 13:20 - 00000932 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-08 15:07 - 2014-07-08 15:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-08 15:07 - 2014-06-19 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-08 15:05 - 2014-07-08 15:05 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-08 15:03 - 2014-07-08 15:03 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 14:58 - 2014-03-15 17:11 - 00000000 ____D () C:\Users\Tammy\Desktop\Desktop Bider -.-
2014-07-08 14:43 - 2014-07-04 15:28 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
2014-07-08 14:43 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-08 14:41 - 2014-03-15 20:22 - 00111832 _____ () C:\Users\Tammy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 14:38 - 2014-07-08 14:38 - 00010027 _____ () C:\Users\Tammy\Desktop\bookmarks-2014-07-08.json
2014-07-08 14:31 - 2014-07-08 14:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 14:30 - 2014-07-08 14:30 - 06263496 _____ (TeamViewer GmbH) C:\Users\Tammy\Downloads\TeamViewer_Setup_de-ckc(1).exe
2014-07-08 14:23 - 2014-07-08 14:23 - 02084352 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2014-07-07 21:47 - 2014-03-15 17:25 - 00000000 ___RD () C:\Users\Tammy\Desktop\tumblr
2014-07-07 21:43 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-07 21:04 - 2014-06-09 13:25 - 00090112 ____H () C:\Users\Tammy\Desktop\photothumb.db
2014-07-07 21:00 - 2014-03-15 17:15 - 00000000 ___RD () C:\Users\Tammy\Desktop\Tammy
2014-07-07 19:53 - 2014-07-04 15:24 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\IrfanView
2014-07-07 19:53 - 2014-07-04 15:24 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-05 10:50 - 2014-07-05 10:50 - 00286324 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-07-05 08:01 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 16:27 - 2014-07-04 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView
2014-07-04 16:14 - 2014-07-04 16:14 - 00289428 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-07-04 16:14 - 2014-07-04 16:14 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-04 15:32 - 2014-06-28 14:57 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-07-04 15:30 - 2014-07-04 15:28 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
2014-07-04 15:30 - 2014-07-04 15:28 - 00000000 ____D () C:\Users\Tammy\AppData\Local\PriceMeter
2014-07-04 15:30 - 2014-06-28 15:00 - 00002320 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-04 15:30 - 2014-03-15 20:18 - 00001655 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-04 15:30 - 2014-03-15 17:14 - 00002393 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-04 15:28 - 2014-07-04 15:28 - 06252036 _____ () C:\Users\Tammy\Downloads\paint.net.4.0.install.zip
2014-07-04 15:28 - 2014-07-04 15:28 - 00003286 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-07-04 15:28 - 2014-06-09 13:20 - 00003930 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-04 15:28 - 2014-06-09 13:20 - 00003676 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-04 15:27 - 2014-07-04 15:27 - 00558912 _____ () C:\Users\Tammy\Downloads\paint net setup.exe
2014-07-04 15:25 - 2014-03-15 17:12 - 00000000 ____D () C:\Users\Tammy\Desktop\Songs~
2014-07-04 15:23 - 2014-07-04 15:23 - 02197648 _____ (Irfan Skiljan) C:\Users\Tammy\Downloads\iview438g_setup.exe
2014-07-03 18:11 - 2014-07-03 18:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\HP
2014-07-03 18:10 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\WEBREG
2014-07-03 18:10 - 2014-07-03 17:59 - 00192758 _____ () C:\Windows\hpoins51.dat
2014-07-03 18:10 - 2014-07-03 17:59 - 00000782 _____ () C:\ProgramData\hpzinstall.log
2014-07-03 18:09 - 2014-07-03 17:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 18:09 - 2009-07-14 04:34 - 00000438 _____ () C:\Windows\win.ini
2014-07-03 18:06 - 2014-07-03 18:06 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-07-03 18:06 - 2014-07-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 18:06 - 2014-07-03 18:00 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-03 18:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-03 18:04 - 2014-07-03 18:04 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-07-03 18:04 - 2014-07-03 18:04 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-07-03 16:52 - 2014-07-03 16:52 - 00094365 _____ () C:\Users\User\Documents\lkghöfg.xps
2014-07-03 16:50 - 2014-07-03 16:50 - 00672392 _____ () C:\Users\User\Documents\sfokjsd.xps
2014-07-03 16:47 - 2014-07-03 16:47 - 00094365 _____ () C:\Users\User\Documents\mario.xps
2014-07-02 19:36 - 2014-03-15 16:27 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-06-28 15:11 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 18:10 - 2014-06-28 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 20:22 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-06-29 20:18 - 2014-06-29 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-06-29 15:43 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-06-28 17:05 - 2014-06-20 15:41 - 00000000 ____D () C:\Users\Tammy\Desktop\2c Spaken
2014-06-28 15:55 - 2014-06-20 20:22 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Winamp
2014-06-28 15:34 - 2014-06-09 13:20 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-9.6
2014-06-28 15:31 - 2014-06-28 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 15:14 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Avg2014
2014-06-28 15:12 - 2014-06-28 15:12 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\AVG2014
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ___HD () C:\$AVG
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-28 15:11 - 2014-06-07 00:26 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TuneUp Software
2014-06-28 15:08 - 2014-06-28 14:56 - 00000000 ____D () C:\Program Files (x86)\WinSecurity
2014-06-28 15:04 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\MFAData
2014-06-28 15:02 - 2014-06-28 15:01 - 155080296 _____ (AVG Technologies) C:\Users\Tammy\Downloads\avg_free_x86_all_2014_4714a7694.exe
2014-06-28 14:57 - 2014-06-28 14:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\dlg
2014-06-27 20:24 - 2014-03-15 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-06-23 21:36 - 2014-03-15 17:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-06-22 16:53 - 2014-03-15 17:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 16:53 - 2014-03-15 17:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 09:17 - 2014-06-01 20:08 - 00000000 ____D () C:\Users\User\Desktop\muzika
2014-06-19 19:24 - 2014-06-19 19:24 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-19 19:24 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-06-19 19:24 - 2014-06-19 19:23 - 02143832 _____ () C:\Users\Tammy\Downloads\instsf449.exe
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Program Files\CPUID
2014-06-19 19:15 - 2014-06-19 19:15 - 01141408 _____ ( ) C:\Users\Tammy\Downloads\hwmonitor_1.25-setup.exe
2014-06-19 19:09 - 2014-06-13 20:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-15 22:31 - 2014-06-15 22:30 - 00000000 ____D () C:\Users\User\Desktop\mama
2014-06-13 20:54 - 2014-06-13 20:54 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-06-13 20:51 - 2014-06-19 19:09 - 00000030 _____ () C:\AVScanner.ini
2014-06-13 20:51 - 2014-06-13 20:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-12 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 16:52 - 2014-03-15 17:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-12 16:51 - 2014-06-12 16:51 - 01058200 _____ (Adobe) C:\Users\Tammy\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-06-11 23:17 - 2014-04-30 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 23:16 - 2009-10-14 07:12 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 16:50 - 2014-06-10 16:50 - 02175409 _____ () C:\Users\Tammy\Downloads\Tschad PP.pptx
2014-06-10 09:48 - 2014-03-15 17:12 - 00000000 ____D () C:\Users\User\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\1401198438_pcspeedup.exe
C:\Users\Tammy\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Tammy\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Tammy\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.1.exe
C:\Users\Tammy\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Tammy\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Tammy\AppData\Local\Temp\nsyA400.exe
C:\Users\Tammy\AppData\Local\Temp\safeguard.exe
C:\Users\Tammy\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Tammy\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Tammy\AppData\Local\Temp\setup.exe
C:\Users\Tammy\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Tammy\AppData\Local\Temp\sfextra.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\_is924.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:32

==================== End Of Log ============================
         
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Tammy at 2014-07-10 15:16:38
Running from C:\Users\Tammy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
B010 (x32 Version: 140.0.344.000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Destinations (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
FreeCall (HKLM-x32\...\FreeCall_is1) (Version: 4.14 build 745 - Finarea S.A. Switzerland)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\{FBD50733-2ABE-3D23-88B4-7B0C0A0ADDA0}) (Version: 65.181.32922 - Google, Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{81830FEF-866C-4DC0-9435-B6287B1EDD8A}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 2.0.269.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0357.1 - Microsoft Corporation)
MSN Toolbar Platform (x32 Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plus-HD-9.6 (HKLM-x32\...\Plus-HD-9.6) (Version: 1.34.5.29 - Plus HD) <==== ATTENTION
PS_AIO_07_B010_SW_Min (x32 Version: 140.0.224.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

29-06-2014 17:00:17 Windows-Sicherung
04-07-2014 14:12:49 Windows Update
05-07-2014 08:50:09 Windows Update
07-07-2014 16:58:30 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E0BC0C2-F581-4B90-A6EF-4C96E4C0B01B} - System32\Tasks\pricemeterdownloader => C:\Users\Tammy\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {1117314C-777A-48FF-AB3D-19575A2F2C7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {1EF72AEE-67BD-4D9A-BE2F-BAEAA17DCCC9} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-6 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-novainstaller.exe <==== ATTENTION
Task: {20CAEEFC-5C14-4CAB-83E2-88F3F1ED22B7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-04] (globalUpdate) <==== ATTENTION
Task: {315FFD49-7F26-4B0C-B49E-12427D33F806} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {3303522E-88D7-4DF1-AD59-65AB2C0111C4} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-2 => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-2.exe <==== ATTENTION
Task: {385D7CF1-1765-4DDC-B24B-811758265DE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {5DA8BCAF-E0FA-4A26-A548-25B360277D3F} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-5 => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-5.exe <==== ATTENTION
Task: {63620761-48FA-442A-9D65-13F8A97FE698} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-3 => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-3.exe <==== ATTENTION
Task: {723237F0-A9FF-4975-ACD0-479DD4277F49} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {73FD3778-8EE5-464F-A6E2-8DB7BE9C4753} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-4 => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-4.exe <==== ATTENTION
Task: {C269E1CC-C9F5-4DE7-A7F3-2034AF2B8D63} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-7 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-nova.exe <==== ATTENTION
Task: {D41FCCAB-91F9-4537-A5AC-9DC327E7F196} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {EAACD646-B8C0-474B-9ED1-4695EFA85334} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-codedownloader.exe <==== ATTENTION
Task: {FB52788A-045A-4484-AA49-63635902294B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-04] (globalUpdate) <==== ATTENTION
Task: {FE331C57-62D7-4976-B624-50A4F2975F43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1.job => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-2.job => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-3.job => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-4.job => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-5.job => C:\Program Files (x86)\Plus-HD-9.6\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-6.job => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-novainstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-7.job => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-nova.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-15 16:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-15 22:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-15 17:03 - 2013-10-31 20:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2014-06-19 12:44 - 2014-06-19 12:44 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-03-15 16:35 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-08 15:07 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 17:12 - 2014-07-09 17:12 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 05:40:26 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/08/2014 01:33:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x5e4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/07/2014 07:02:15 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (07/06/2014 01:12:05 PM) (Source: NVNetworkService) (EventID: 0) (User: )
Description: NVNetworkServiceService failed to run w/err Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen. (1063)

Error: (07/04/2014 04:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x10e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/04/2014 03:30:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1e04
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/04/2014 03:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12d4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/01/2014 06:10:45 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.

Error: (07/01/2014 06:10:44 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zta.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.

Error: (07/01/2014 06:10:42 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zha.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.


System errors:
=============
Error: (07/08/2014 02:02:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AVP erreicht.

Error: (07/06/2014 01:12:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "NVIDIA Network Service" wurde mit folgendem Fehler beendet: 
%%-2147467243

Error: (07/01/2014 11:03:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/01/2014 11:03:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Klick-und-Los-Dienst erreicht.

Error: (07/01/2014 07:00:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.

Error: (07/01/2014 07:00:20 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.

Error: (06/25/2014 09:33:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/25/2014 09:33:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1352

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/25/2014 09:33:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/25/2014 09:33:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1352

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/09/2014 05:40:26 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (07/08/2014 01:33:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b5e401cf9a037eb23f96C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll264ba304-062f-11e4-9ec2-50e549e641d2

Error: (07/07/2014 07:02:15 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (07/06/2014 01:12:05 PM) (Source: NVNetworkService) (EventID: 0) (User: )
Description: NVNetworkServiceService failed to run w/err Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen. (1063)

Error: (07/04/2014 04:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b10e801cf978d0e553037C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2d3cba63-0384-11e4-b74a-50e549e641d2

Error: (07/04/2014 03:30:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b1e0401cf978bf4e46e07C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6b8f97c7-037f-11e4-bf3f-50e549e641d2

Error: (07/04/2014 03:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b12d401cf978b7176bf07C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1c1bfed9-037f-11e4-bf3f-50e549e641d2

Error: (07/01/2014 06:10:45 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/01/2014 06:10:44 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zta.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/01/2014 06:10:42 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zha.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-07-09 17:39:47.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:39:47.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:39:47.862
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:39:47.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:39:47.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:39:47.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-28 11:33:22.687
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-28 11:33:22.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-28 11:33:22.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-28 11:33:22.643
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 8109.11 MB
Available physical RAM: 4534.23 MB
Total Pagefile: 16216.4 MB
Available Pagefile: 12533.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:95.16 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5ACE348B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

11.07.2014, 11:15   #4
schrauber
/// the machine
/// TB-Ausbilder

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:



Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.07.2014, 20:08   #5
Kagami-Kun

Regarding the Revo Uninstaller: nothing was found, and I did the second step as per your instructions.

Combofix did not say anything about my antivirus programs.


Code:
ComboFix 14-07-11.04 - Tammy 11.07.2014  19:13:34.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.8109.6027 [GMT 2:00]
ausgeführt von:: c:\users\Tammy\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{994C241D-6424-413C-8B68-F0A81C18C013}.xps
c:\users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DCE98034-D8E6-4A61-9D7C-81296BED4293}.xps
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
C:\WindowsGABRIOLA.tt2
C:\WindowsLEELAWAD.tt2
C:\WindowsLEELAWDB.tt2
C:\WindowsMSUIGHUR.tt2
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_globalUpdate
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-11 bis 2014-07-11  ))))))))))))))))))))))))))))))
.
.
2014-07-11 17:21 . 2014-07-11 17:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-11 17:21 . 2014-07-11 17:22	--------	d-----w-	c:\users\User\AppData\Local\temp
2014-07-11 16:53 . 2014-07-11 16:53	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-07-10 16:39 . 2014-07-10 16:40	--------	d-----w-	c:\users\Tammy\AppData\Roaming\HpUpdate
2014-07-10 13:14 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-10 13:09 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-10 13:09 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-10 13:09 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-08 15:06 . 2014-07-08 15:06	--------	d-----w-	c:\users\User\AppData\Roaming\TeamViewer
2014-07-08 13:07 . 2014-07-08 13:07	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2014-07-08 12:31 . 2014-07-08 12:31	--------	d-----w-	c:\users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 12:31 . 2014-07-08 12:31	--------	d-----w-	c:\program files (x86)\TeamViewer
2014-07-08 12:25 . 2014-07-10 13:17	--------	d-----w-	C:\FRST
2014-07-04 14:27 . 2014-07-04 14:27	--------	d-----w-	c:\users\User\AppData\Roaming\IrfanView
2014-07-04 14:14 . 2014-07-04 14:14	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2014-07-04 13:28 . 2014-07-08 12:43	--------	d-----w-	c:\program files (x86)\The weDownload Manager
2014-07-04 13:28 . 2014-07-04 13:30	--------	d-----w-	c:\users\Tammy\AppData\Local\PriceMeter
2014-07-04 13:24 . 2014-07-07 17:53	--------	d-----w-	c:\users\Tammy\AppData\Roaming\IrfanView
2014-07-04 13:24 . 2014-07-07 17:53	--------	d-----w-	c:\program files (x86)\IrfanView
2014-07-03 16:10 . 2014-07-03 16:10	--------	d-----w-	c:\programdata\WEBREG
2014-07-03 16:09 . 2014-07-03 16:11	--------	d-----w-	c:\users\User\AppData\Roaming\HP
2014-07-03 16:08 . 2010-01-06 12:33	253440	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2014-07-03 16:06 . 2014-07-03 16:06	--------	d-----w-	c:\program files (x86)\Microsoft
2014-07-03 15:58 . 2014-07-03 16:09	--------	d-----w-	c:\programdata\HP
2014-07-01 16:10 . 2014-07-01 16:10	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2014-06-29 18:18 . 2014-06-29 18:18	--------	d-----w-	c:\users\User\AppData\Local\Microsoft Games
2014-06-29 13:43 . 2014-06-29 13:43	--------	d-----w-	c:\users\User\AppData\Roaming\AVG2014
2014-06-29 13:43 . 2014-06-30 18:22	--------	d-----w-	c:\users\User\AppData\Local\Avg2014
2014-06-28 13:12 . 2014-06-28 13:12	--------	d-----w-	c:\users\Tammy\AppData\Roaming\AVG2014
2014-06-28 13:11 . 2014-06-28 13:31	--------	d-----w-	c:\programdata\AVG2014
2014-06-28 13:11 . 2014-06-28 13:11	--------	d-----w-	C:\$AVG
2014-06-28 13:11 . 2014-06-28 13:11	--------	d-----w-	c:\program files (x86)\AVG
2014-06-28 13:04 . 2014-07-11 17:26	--------	d-----w-	c:\programdata\MFAData
2014-06-28 13:04 . 2014-06-28 13:14	--------	d-----w-	c:\users\Tammy\AppData\Local\Avg2014
2014-06-28 13:04 . 2014-06-28 13:04	--------	d-----w-	c:\users\Tammy\AppData\Local\MFAData
2014-06-28 12:57 . 2014-06-28 12:57	--------	d-----w-	c:\users\Tammy\AppData\Roaming\dlg
2014-06-28 12:57 . 2014-07-04 13:32	--------	d-----w-	c:\program files (x86)\PC Speed Up
2014-06-28 12:56 . 2014-06-28 13:08	--------	d-----w-	c:\program files (x86)\WinSecurity
2014-06-27 13:05 . 2014-06-27 13:05	--------	d-sh--w-	c:\users\User\AppData\Local\EmieUserList
2014-06-27 13:05 . 2014-06-27 13:05	--------	d-sh--w-	c:\users\User\AppData\Local\EmieSiteList
2014-06-20 18:22 . 2014-06-28 13:55	--------	d-----w-	c:\users\Tammy\AppData\Roaming\Winamp
2014-06-19 17:24 . 2014-07-08 12:43	--------	d-----w-	c:\program files (x86)\SpeedFan
2014-06-19 17:16 . 2014-06-19 17:16	--------	d-----w-	c:\program files\CPUID
2014-06-18 14:53 . 2014-06-18 14:53	--------	d-----w-	c:\users\Default\AppData\Local\Google
2014-06-17 14:21 . 2014-06-17 14:21	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07	328984	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06	269080	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06	190744	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06	242968	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06	153368	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-06-17 14:06 . 2014-06-17 14:06	123672	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-06-13 18:54 . 2014-06-13 18:54	--------	d-----w-	c:\users\User\AppData\Local\Adobe
2014-06-13 18:51 . 2014-06-19 17:09	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2014-06-13 18:51 . 2014-06-13 18:51	--------	d-----w-	c:\programdata\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 15:30 . 2009-10-14 05:12	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-09 15:12 . 2014-03-15 17:27	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 15:12 . 2014-03-15 17:27	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-03 08:41 . 2014-03-15 20:31	589008	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-02 07:46 . 2014-06-02 07:46	829264	----a-w-	c:\windows\system32\msvcr100.dll
2014-06-02 07:46 . 2014-06-02 07:46	608080	----a-w-	c:\windows\system32\msvcp100.dll
2014-06-02 06:55 . 2014-06-02 06:55	773968	----a-w-	c:\windows\SysWow64\msvcr100.dll
2014-06-02 06:55 . 2014-06-02 06:55	421200	----a-w-	c:\windows\SysWow64\msvcp100.dll
2014-05-08 09:32 . 2014-06-11 16:53	1112064	----a-w-	c:\windows\system32\rdpcorets.dll
2014-04-25 02:34 . 2014-06-11 16:53	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 16:53	626688	----a-w-	c:\windows\SysWow64\usp10.dll
2014-04-14 18:13 . 2014-03-15 15:18	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-05-30 10:34	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-15 20:39	222920	----a-w-	c:\users\Tammy\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-15 20:39	222920	----a-w-	c:\users\Tammy\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-15 20:39	222920	----a-w-	c:\users\Tammy\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21446272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
.
c:\users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-7-9 195248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-15 21:53	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 15:12]
.
2014-07-11 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-09 13:28]
.
2014-07-10 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-09 13:28]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 15:12]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 15:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-05-27 15:49	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-15 20:39	261832	----a-w-	c:\users\Tammy\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-15 20:39	261832	----a-w-	c:\users\Tammy\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-15 20:39	261832	----a-w-	c:\users\Tammy\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-15 442352]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 217.16.112.21 217.16.112.22
FF - ProfilePath - c:\users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Plus-HD-9.6 - c:\program files (x86)\Plus-HD-9.6\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-11  19:36:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-11 17:36
.
Vor Suchlauf: 9 Verzeichnis(se), 106.513.887.232 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 106.932.604.928 Bytes frei
.
- - End Of File - - 844E82DE14C33EAE5A65AC7EC4E47A77
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 12.07.2014, 18:02   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Alt 14.07.2014, 20:26   #7
Kagami-Kun
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.07.2014
Suchlauf-Zeit: 19:58:47
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.14.08
Rootkit Datenbank: v2014.07.09.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tammy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 325841
Verstrichene Zeit: 22 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 40
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [2f411b8423588aac066038576d95b050], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [2f411b8423588aac066038576d95b050], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [d29e5e413f3c23138a1e84ce3dc5669a], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0057304.BHO, In Quarantäne, [75fbedb242394de90c47718893704ab6], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0057304.Sandbox, In Quarantäne, [145caff06e0d91a59bb8f60341c2ae52], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0057304.Sandbox.1, In Quarantäne, [d69a97085b20d066f75c43b6a75c21df], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [ed83a4fb1e5d0f27a16111c5659d2bd5], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6709613e1b606fc7de402cd89c6845bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [fe72336c1665082e517a3ebbd42f5aa6], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\Plus-HD-9.6, In Quarantäne, [c2ae8e115d1eba7c0229c81dfe045fa1], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [1d53128d453614228e556d68a062d42c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0057304.BHO, In Quarantäne, [9dd3bbe463180630c291c534c93ade22], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0057304.Sandbox, In Quarantäne, [72fe6e31c2b972c41340e21750b348b8], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0057304.Sandbox.1, In Quarantäne, [502077282853a096db78f10815eed927], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [a2ce950aed8ef343e8c326946b979b65], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [7ff1138c433877bfeb17c115976b40c0], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [264a8f10a1da50e6110d23e18a7a6799], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.6, In Quarantäne, [e38dcfd089f281b51f8eb1248d75837d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [1e52227d5e1dcf675f6c719b867e7a86], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.6, In Quarantäne, [82eeddc2bac106307439b71ec73b58a8], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, In Quarantäne, [83ed9b047dfe3204f5761502659f18e8], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.6, In Quarantäne, [4a26762955262f079c1121b4d42e09f7], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [89e7dcc35f1c2313aa591cbabc46bb45], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HD, In Quarantäne, [1a567d221d5ee155a509fadb8280ca36], 
PUP.Optional.Qone8, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [f17fced146354ee8ad707193a85c9070], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [640ca4fb18630b2bdb92fdd4ae54c838], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 

Registrierungswerte: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [a2ce950aed8ef343e8c326946b979b65]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com, In Quarantäne, [333db4eb3b403303902a53c4699b8c74]

Registrierungsdaten: 14
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D),Ersetzt,[452b099685f6ff3746ae2570d82c9967]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D),Ersetzt,[442cf6a9bcbf95a1608b296ccf35758b]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[76fafba4fa818babdb3f316ff50f9e62]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D),Ersetzt,[b0c02a750f6cc2749262a3f261a3c33d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}),Ersetzt,[5719554abebd59dde900672ef014946c]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D),Ersetzt,[7df3930c83f8a88e8d5a276ec143df21]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D),Ersetzt,[2f41a3fc0e6d54e245a60d88e61e38c8]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ec8468374f2ccd695bbf970928dc2bd5]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jt&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jt&q={searchTerms}),Ersetzt,[1957f6a93249ff37ea3acccac73de21e]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M8D4C3E68-3558-418D-9385-27EF51EEC9A8&SearchSource=55&CUI=&UM=5&UP=&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M8D4C3E68-3558-418D-9385-27EF51EEC9A8&SearchSource=55&CUI=&UM=5&UP=&SSPV=),Ersetzt,[7df35b44d9a23ff7de7b722360a401ff]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D),Ersetzt,[99d7dfc07efd36006c808e0762a2bf41]
PUP.Optional.Snapdo, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}),Ersetzt,[7df3386745366bcb1775fea106fe847c]
PUP.Optional.Snapdo, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}),Ersetzt,[b1bfadf27ffcd75f8904dac509fb19e7]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1567794981-3600654592-3206697278-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jq&q={searchTerms}),Ersetzt,[432df7a81a610a2c8b9a4b4b40c49769]

Ordner: 75
PUP.Optional.OpenCandy, C:\Users\Tammy\AppData\Roaming\OpenCandy, In Quarantäne, [81efa7f87308a4920f118c13df23e51b], 
PUP.Optional.OpenCandy, C:\Users\Tammy\AppData\Roaming\OpenCandy\71623DEB3BA84D298A1DC6BD82FCD1E9, In Quarantäne, [81efa7f87308a4920f118c13df23e51b], 
PUP.Optional.OpenCandy, C:\Users\Tammy\AppData\Roaming\OpenCandy\80E24C14820A4C2DA8955C4C5738D374, In Quarantäne, [81efa7f87308a4920f118c13df23e51b], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy, In Quarantäne, [531dcfd0e39895a18a962d72a16106fa], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\AA0CDA2C62914874B9CA026D85FA342A, In Quarantäne, [531dcfd0e39895a18a962d72a16106fa], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\E503024EFF1F4898B191D5B5B411C26A, In Quarantäne, [531dcfd0e39895a18a962d72a16106fa], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\defaults, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\defaults\preferences, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\userCode, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\locale, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\locale\en-US, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 

Dateien: 335
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\259.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\260.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\262.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\263.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\268.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\273.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\28.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\281.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\284.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\290.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\4.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\47.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\64.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\7.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\72.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\78.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\9.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\91.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\98.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\userCode\background.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\userCode\extension.js, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\locale\en-US\translations.dtd, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button1.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button2.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button3.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button4.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button5.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\crossrider_statusbar.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon128.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon16.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon24.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon48.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\panelarrow-up.png, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\popup.html, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\skin.css, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\update.css, In Quarantäne, [8fe138672853bd79bef2653f11f15fa1], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome.manifest, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\install.rdf, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\0307e330749b95e0e8e18d81ad0319a9.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\0395c50aebde859820a314c75d3c778b.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\5e4b102b2b005045d765da308ebe5dc4.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\8d93d40a399fb838b3d61e5c70c13597.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\background.html, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\browser.xul, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\dceb2c4060e57a263acee402f8fcf062.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\dialog.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\options.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\options.xul, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\search_dialog.xul, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\7f16f5f87f6d6ab9b1e238e888e48ca2.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\1acc22ea76cf7ca2ea8b8e364212627f.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\1aceb436e23e962a44204fc86a5d20c0.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\20ea6076ba148c0810e9cdaa19f0b00c.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\2ab84e1cb0523d78628b5a82ef22675e.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\39bb547e725a572cb98a97f2287995c4.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\50d6760c1547b4bd9123eb06b5cf774b.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\61ff14534b052090c7a52fb6506106cd.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\6e091ad7ef0d990481de0d4d1bd628ce.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\a4781e236d49d6c5eafd8b5bd7673039.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\c08b48db605722b0b169a7568a46ae60.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\ccd5ead4f5bfa16fd1c431c323fd7398.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\d1b61bf4005271e6bed9e5289b4d4f0a.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\d2eccc5054a52e2d04cf2366af0c266c.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\e51fa3e9c7db7a4392bba3e41e6baa8f.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\api\fa9669723bcfdb177ad7f687fd4dcf3e.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\e90e272aaaa748ea4133321fb98acdb3.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\01e450d173b0ad949c3fa8ae780d2f5e.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\250aac28465224761e759a5759bcde3a.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\2ccc68ffca300ef6c3987cdffc38258e.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\5d983fc68fd018e1e397df500cff6d21.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\67a0792b5c91572aaaf2b39dec327694.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\6e0464b54a2bd9927bb009bf0520a920.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\82612497957acbd4e2884adcecda683e.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\9b23f54b42520e24e7b0b47ee39d4696.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\9f0f482356c33368a6c1303d059030b0.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\a0e5f4fdbd58ed54053b026372a42e74.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\b263e93cc26014b87991f430614cdb14.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\c7579a41d9ce1ced48f30a4a0fcb181f.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\e046244fdf90b52cd438b736c98c8328.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\e9a65f28ae96134c186e21bf4cd751c4.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\ebc750bb8a62af82c2eb52eee5a11af3.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\f04dc6de9eb4544bb9060c8cb1a14baf.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\f829160f4c00e2e5350ad07204982bd2.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\faeb09d3abe880e5f663bcb75fe5efc1.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\fe81d01c2038bfaca12720fc79884583.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\chrome\content\core\installer.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\defaults\preferences\prefs.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\manifest.xml, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins.json, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\244.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\1.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\102.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\104.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\119.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\123.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\13.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\14.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\16.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\17.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\177.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\178.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\179.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\180.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\182.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\183.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\195.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\198.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\199.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\207.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\21.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\22.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\220.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\223.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\231.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\246.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\259.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\260.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\262.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\263.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\268.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\273.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\28.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\281.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\284.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\290.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\4.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\47.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\64.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\7.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\72.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\78.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\9.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\91.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\plugins\98.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\userCode\background.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\extensionData\userCode\extension.js, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\locale\en-US\translations.dtd, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button1.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button2.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button3.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button4.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\button5.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\crossrider_statusbar.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon128.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon16.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon24.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\icon48.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\panelarrow-up.png, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\popup.html, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\skin.css, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\extensions\048da175-3ee8-49e5-9d6f-2feb4d4793d5@3f15bd8f-93f6-4d68-a7c5-ae4f792d6bd4.com\skin\update.css, In Quarantäne, [b1bf643b1f5cdc5a218f1193f21004fc], 
PUP.Optional.weDownload.A, C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll, In Quarantäne, [aec27e21cbb0ab8b8016663ff60ca060], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\1293297481.mxaddon, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\360-57304.crx, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\57304.crx, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\57304.xpi, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\background.html, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\bgNova.html, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6.ico, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.6\utils.exe, In Quarantäne, [620e514e6e0db97d87758f16dd25d32d], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.FastStart.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [0070adf26318d363f342e4d204fe4cb4], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [e090148bd7a4c274c390febbe022e917], 
PUP.Optional.WebsSearches.A, C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://istart.webssearches.com/?type=hp&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D" ],), Ersetzt,[0e62b7e806752e087c3a17b7e61e42be]
PUP.Optional.WebsSearches.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D");), Ersetzt,[5d13cbd43843ae88a80c7f4fb94bfe02]
PUP.Optional.CrossRider.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "146827b3855fbca19d7e681b85624ccc");), Ersetzt,[98d8d7c81b60f244fe1b7b5448bce11f]
PUP.Optional.Snapdo.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TcRj-sGQ-yRDLXimK9DOA8tEqe9anGJDjgdiImIfaSj_EfX6qKhQllys7uPfFM4d",), Ersetzt,[b2bea3fc47341323942bb816659fc53b]
PUP.Optional.Snapdo.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TcRj-sGQ-yRDLXimK9DOA8tEqe9anGJDjgdiImIfaSj_EfX6qKhQllys7uPfFM4d" ],), Ersetzt,[72fe534ccab1dd59f506d6f9ad57f709]
PUP.Optional.SnapDo.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TcLVQkQHIoA0cJEsE_G4PT45Ss8KNjd5YezH8sDNS4aChZ_TrRbrUOe5aqtHnjgD");), Ersetzt,[77f9b0ef611a1521f61b755a7490758b]
PUP.Optional.SnapDo.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-TZM7GL94m3Bpi9iHb-sysQnVAl2j52YfjuhAgRUk_Fii8-1kpCQvJDCsloiWhvdithtL_GPddWn3TchSGpIC7Gt-QEcODtR3UmowVsL5r-pv4qPemTiXFQGp-ddQU5pBYkOYukpp36Jt&q=");), Ersetzt,[e18f07988cefdb5bac668a45cd3716ea]
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14684bfb89ec3fcce8c033cb14e38c7b");), Ersetzt,[a2ce950ab4c73afcf5248748b74dc838]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alt 14.07.2014, 20:28   #8
Kagami-Kun
 

Code:
# AdwCleaner v3.215 - Bericht erstellt am 14/07/2014 um 20:54:43
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Tammy - ADMIN
# Gestartet von : C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\WinSecurity
Ordner Gelöscht : C:\Users\Tammy\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Ordner Gelöscht : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Ordner Gelöscht : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511731104}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522732204}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555735504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566736604}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522732204}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555735504}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566736604}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WEDLMNGR
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D");
Zeile gelöscht : user_pref("extensions.a048da1753ee849e59d6f2feb4d4793d53f15bd8f93f64d68a7c5ae4f792d6bd4com57304.57304.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
Zeile gelöscht : user_pref("extensions.a048da1753ee849e59d6f2feb4d4793d53f15bd8f93f64d68a7c5ae4f792d6bd4com57304.57304.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "146827b3855fbca19d7e681b85624ccc");

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cqu5z69d.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.a048da1753ee849e59d6f2feb4d4793d53f15bd8f93f64d68a7c5ae4f792d6bd4com57304.57304.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
Zeile gelöscht : user_pref("extensions.a048da1753ee849e59d6f2feb4d4793d53f15bd8f93f64d68a7c5ae4f792d6bd4com57304.57304.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
Gelöscht [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Gelöscht [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Gelöscht [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [8986 octets] - [14/07/2014 20:51:58]
AdwCleaner[S0].txt - [7823 octets] - [14/07/2014 20:54:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7883 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Tammy on 14.07.2014 at 21:08:24,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Tammy\AppData\Roaming\mozilla\firefox\profiles\jwj9jl6d.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2014 at 21:15:33,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Tammy (administrator) on ADMIN on 14-07-2014 21:19:55
Running from C:\Users\Tammy\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [240992 2009-11-16] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1567794981-3600654592-3206697278-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.16.112.21 217.16.112.22

FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-07-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (No Name) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-21]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (No Name) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-06-07]
CHR Extension: (Google-Suche) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-15]
CHR Extension: (No Name) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-06-07]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-15]
CHR Extension: (Virtual Keyboard) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Google Mail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-15] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-15] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 21:19 - 2014-07-14 21:19 - 00026600 _____ () C:\Users\Tammy\Downloads\FRST.txt
2014-07-14 21:19 - 2014-07-14 21:19 - 00000000 ____D () C:\Users\Tammy\Downloads\FRST-OlderVersion
2014-07-14 21:15 - 2014-07-14 21:15 - 00000753 _____ () C:\Users\Tammy\Desktop\JRT.txt
2014-07-14 21:08 - 2014-07-14 21:08 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 21:04 - 2014-07-14 21:07 - 01016261 _____ (Thisisu) C:\Users\Tammy\Downloads\JRT.exe
2014-07-14 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-14 20:51 - 2014-07-14 20:54 - 00000000 ____D () C:\AdwCleaner
2014-07-14 20:45 - 2014-07-14 20:45 - 01348263 _____ () C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
2014-07-14 20:44 - 2014-07-14 20:44 - 00117163 _____ () C:\Users\Tammy\Desktop\mbam.txt.txt
2014-07-14 19:57 - 2014-07-14 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 19:56 - 2014-07-14 19:56 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 19:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 19:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 19:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 19:55 - 2014-07-14 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 19:56 - 2014-07-13 20:22 - 00000000 ____D () C:\Users\User\Desktop\dragana
2014-07-13 18:12 - 2014-07-13 18:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\NVIDIA
2014-07-11 19:36 - 2014-07-11 19:36 - 00030165 _____ () C:\ComboFix.txt
2014-07-11 19:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-11 19:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-11 19:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-11 19:02 - 2014-07-11 19:36 - 00000000 ____D () C:\Qoobox
2014-07-11 19:02 - 2014-07-11 19:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 18:58 - 2014-07-11 18:59 - 05218473 ____R (Swearware) C:\Users\Tammy\Downloads\ComboFix.exe
2014-07-11 18:53 - 2014-07-11 18:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 18:52 - 2014-07-11 18:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Downloads\revosetup95.exe
2014-07-10 18:39 - 2014-07-10 18:40 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\HpUpdate
2014-07-10 15:16 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:16 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:16 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:16 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:16 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:16 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:16 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:16 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:16 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:16 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:16 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:16 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:16 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:16 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:16 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:16 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:16 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:16 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:16 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:16 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:16 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:16 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:16 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:16 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:16 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:16 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:16 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:16 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:16 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:16 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:16 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:16 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:16 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:16 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:16 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:16 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:16 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:16 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:16 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:16 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:16 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:16 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:16 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:16 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:16 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:16 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:16 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:16 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:16 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:16 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:16 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:16 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:16 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:16 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:16 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:16 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:09 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:09 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:09 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 17:06 - 2014-07-08 17:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-07-08 15:07 - 2014-07-08 15:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-08 15:05 - 2014-07-08 15:05 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-08 15:03 - 2014-07-08 15:03 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 14:31 - 2014-07-08 14:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 14:30 - 2014-07-08 14:30 - 06263496 _____ (TeamViewer GmbH) C:\Users\Tammy\Downloads\TeamViewer_Setup_de-ckc(1).exe
2014-07-08 14:25 - 2014-07-14 21:19 - 00000000 ____D () C:\FRST
2014-07-08 14:23 - 2014-07-14 21:19 - 02086912 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2014-07-05 10:50 - 2014-07-05 10:50 - 00286324 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-07-04 16:27 - 2014-07-04 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView
2014-07-04 16:14 - 2014-07-04 16:14 - 00289428 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-07-04 16:14 - 2014-07-04 16:14 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-04 15:28 - 2014-07-04 15:30 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
2014-07-04 15:28 - 2014-07-04 15:28 - 06252036 _____ () C:\Users\Tammy\Downloads\paint.net.4.0.install.zip
2014-07-04 15:24 - 2014-07-07 19:53 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\IrfanView
2014-07-04 15:24 - 2014-07-07 19:53 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-04 15:23 - 2014-07-04 15:23 - 02197648 _____ (Irfan Skiljan) C:\Users\Tammy\Downloads\iview438g_setup.exe
2014-07-03 18:10 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\WEBREG
2014-07-03 18:09 - 2014-07-03 18:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\HP
2014-07-03 18:06 - 2014-07-03 18:06 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-07-03 18:04 - 2014-07-03 18:04 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-07-03 18:04 - 2014-07-03 18:04 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-07-03 18:03 - 2014-07-03 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 18:02 - 2010-01-20 20:03 - 01412224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04h.dll
2014-07-03 18:02 - 2010-01-20 20:03 - 01179776 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04h.dll
2014-07-03 18:02 - 2010-01-20 20:03 - 00525440 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll
2014-07-03 18:01 - 2010-01-20 20:03 - 00643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-07-03 18:01 - 2010-01-06 14:33 - 00138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll
2014-07-03 18:00 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-03 17:59 - 2014-07-03 18:10 - 00192758 _____ () C:\Windows\hpoins51.dat
2014-07-03 17:59 - 2014-07-03 18:10 - 00000782 _____ () C:\ProgramData\hpzinstall.log
2014-07-03 17:58 - 2014-07-03 18:09 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 16:52 - 2014-07-03 16:52 - 00094365 _____ () C:\Users\User\Documents\lkghöfg.xps
2014-07-03 16:50 - 2014-07-03 16:50 - 00672392 _____ () C:\Users\User\Documents\sfokjsd.xps
2014-07-03 16:47 - 2014-07-03 16:47 - 00094365 _____ () C:\Users\User\Documents\mario.xps
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-29 20:18 - 2014-06-29 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-06-29 15:43 - 2014-06-30 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-06-29 15:43 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-06-28 15:12 - 2014-06-28 15:12 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\AVG2014
2014-06-28 15:11 - 2014-07-01 18:10 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-28 15:11 - 2014-07-01 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-28 15:11 - 2014-06-28 15:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\$AVG
2014-06-28 15:04 - 2014-07-14 19:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-28 15:04 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Avg2014
2014-06-28 15:04 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\MFAData
2014-06-28 15:01 - 2014-06-28 15:02 - 155080296 _____ (AVG Technologies) C:\Users\Tammy\Downloads\avg_free_x86_all_2014_4714a7694.exe
2014-06-28 15:00 - 2014-07-14 20:54 - 00001083 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-28 14:57 - 2014-06-28 14:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\dlg
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-06-20 20:22 - 2014-06-28 15:55 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Winamp
2014-06-20 15:41 - 2014-06-28 17:05 - 00000000 ____D () C:\Users\Tammy\Desktop\2c Spaken
2014-06-19 19:24 - 2014-07-08 14:43 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-19 19:24 - 2014-06-19 19:24 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-19 19:24 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-06-19 19:23 - 2014-06-19 19:24 - 02143832 _____ () C:\Users\Tammy\Downloads\instsf449.exe
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Program Files\CPUID
2014-06-19 19:15 - 2014-06-19 19:15 - 01141408 _____ ( ) C:\Users\Tammy\Downloads\hwmonitor_1.25-setup.exe
2014-06-19 19:09 - 2014-06-13 20:51 - 00000030 _____ () C:\AVScanner.ini
2014-06-19 13:31 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-15 22:30 - 2014-06-15 22:31 - 00000000 ____D () C:\Users\User\Desktop\mama

==================== One Month Modified Files and Folders =======

2014-07-14 21:20 - 2014-07-14 21:19 - 00026600 _____ () C:\Users\Tammy\Downloads\FRST.txt
2014-07-14 21:19 - 2014-07-14 21:19 - 00000000 ____D () C:\Users\Tammy\Downloads\FRST-OlderVersion
2014-07-14 21:19 - 2014-07-08 14:25 - 00000000 ____D () C:\FRST
2014-07-14 21:19 - 2014-07-08 14:23 - 02086912 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2014-07-14 21:15 - 2014-07-14 21:15 - 00000753 _____ () C:\Users\Tammy\Desktop\JRT.txt
2014-07-14 21:12 - 2014-03-15 19:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-14 21:08 - 2014-07-14 21:08 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 21:07 - 2014-07-14 21:04 - 01016261 _____ (Thisisu) C:\Users\Tammy\Downloads\JRT.exe
2014-07-14 21:04 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-14 21:04 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-14 21:04 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 21:03 - 2014-03-16 18:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Skype
2014-07-14 21:00 - 2014-07-14 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 20:58 - 2014-03-15 18:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-14 20:58 - 2014-03-15 17:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 20:58 - 2014-03-15 17:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 20:57 - 2014-03-15 17:42 - 00316532 _____ () C:\Windows\PFRO.log
2014-07-14 20:57 - 2014-03-15 16:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-14 20:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 20:57 - 2009-07-14 06:51 - 00090504 _____ () C:\Windows\setupact.log
2014-07-14 20:56 - 2014-03-15 16:29 - 01527976 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 20:56 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 20:56 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 20:54 - 2014-07-14 20:51 - 00000000 ____D () C:\AdwCleaner
2014-07-14 20:54 - 2014-06-28 15:00 - 00001083 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-14 20:54 - 2014-03-15 20:18 - 00000995 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 20:54 - 2014-03-15 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 20:45 - 2014-07-14 20:45 - 01348263 _____ () C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
2014-07-14 20:44 - 2014-07-14 20:44 - 00117163 _____ () C:\Users\Tammy\Desktop\mbam.txt.txt
2014-07-14 19:56 - 2014-07-14 19:56 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 19:56 - 2014-07-14 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-14 19:26 - 2014-06-28 15:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-13 20:22 - 2014-07-13 19:56 - 00000000 ____D () C:\Users\User\Desktop\dragana
2014-07-13 18:12 - 2014-07-13 18:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\NVIDIA
2014-07-12 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 22:29 - 2014-03-15 17:11 - 00000000 ____D () C:\Users\Tammy\Desktop\Desktop Bider -.-
2014-07-11 19:36 - 2014-07-11 19:36 - 00030165 _____ () C:\ComboFix.txt
2014-07-11 19:36 - 2014-07-11 19:02 - 00000000 ____D () C:\Qoobox
2014-07-11 19:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-11 19:33 - 2014-07-11 19:02 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 19:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-11 19:22 - 2009-07-14 04:34 - 77070336 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-11 18:59 - 2014-07-11 18:58 - 05218473 ____R (Swearware) C:\Users\Tammy\Downloads\ComboFix.exe
2014-07-11 18:53 - 2014-07-11 18:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 18:53 - 2014-07-11 18:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Downloads\revosetup95.exe
2014-07-10 18:40 - 2014-07-10 18:39 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\HpUpdate
2014-07-10 17:54 - 2009-07-14 06:45 - 00436408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 17:50 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 17:31 - 2014-04-30 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 17:30 - 2009-10-14 07:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 16:13 - 2014-06-09 13:25 - 00020480 ____H () C:\Users\Tammy\Desktop\photothumb.db
2014-07-09 17:12 - 2014-03-15 19:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 17:12 - 2014-03-15 19:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 17:12 - 2014-03-15 19:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 17:09 - 2014-03-15 22:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 16:59 - 2014-06-09 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 17:07 - 2014-03-15 19:15 - 00111832 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 17:06 - 2014-07-08 17:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-07-08 15:07 - 2014-07-08 15:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-08 15:07 - 2014-06-19 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-08 15:05 - 2014-07-08 15:05 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-08 15:03 - 2014-07-08 15:03 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 14:43 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-08 14:41 - 2014-03-15 20:22 - 00111832 _____ () C:\Users\Tammy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 14:31 - 2014-07-08 14:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 14:30 - 2014-07-08 14:30 - 06263496 _____ (TeamViewer GmbH) C:\Users\Tammy\Downloads\TeamViewer_Setup_de-ckc(1).exe
2014-07-07 21:47 - 2014-03-15 17:25 - 00000000 ___RD () C:\Users\Tammy\Desktop\tumblr
2014-07-07 21:43 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-07 21:00 - 2014-03-15 17:15 - 00000000 ___RD () C:\Users\Tammy\Desktop\Tammy
2014-07-07 19:53 - 2014-07-04 15:24 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\IrfanView
2014-07-07 19:53 - 2014-07-04 15:24 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-05 10:50 - 2014-07-05 10:50 - 00286324 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-07-05 08:01 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 16:27 - 2014-07-04 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView
2014-07-04 16:14 - 2014-07-04 16:14 - 00289428 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-07-04 16:14 - 2014-07-04 16:14 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-04 15:30 - 2014-07-04 15:28 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
2014-07-04 15:28 - 2014-07-04 15:28 - 06252036 _____ () C:\Users\Tammy\Downloads\paint.net.4.0.install.zip
2014-07-04 15:25 - 2014-03-15 17:12 - 00000000 ____D () C:\Users\Tammy\Desktop\Songs~
2014-07-04 15:23 - 2014-07-04 15:23 - 02197648 _____ (Irfan Skiljan) C:\Users\Tammy\Downloads\iview438g_setup.exe
2014-07-03 18:11 - 2014-07-03 18:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\HP
2014-07-03 18:10 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\WEBREG
2014-07-03 18:10 - 2014-07-03 17:59 - 00192758 _____ () C:\Windows\hpoins51.dat
2014-07-03 18:10 - 2014-07-03 17:59 - 00000782 _____ () C:\ProgramData\hpzinstall.log
2014-07-03 18:09 - 2014-07-03 17:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 18:09 - 2009-07-14 04:34 - 00000438 _____ () C:\Windows\win.ini
2014-07-03 18:06 - 2014-07-03 18:06 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-07-03 18:06 - 2014-07-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 18:06 - 2014-07-03 18:00 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-03 18:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-03 18:04 - 2014-07-03 18:04 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-07-03 18:04 - 2014-07-03 18:04 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-07-03 16:52 - 2014-07-03 16:52 - 00094365 _____ () C:\Users\User\Documents\lkghöfg.xps
2014-07-03 16:50 - 2014-07-03 16:50 - 00672392 _____ () C:\Users\User\Documents\sfokjsd.xps
2014-07-03 16:47 - 2014-07-03 16:47 - 00094365 _____ () C:\Users\User\Documents\mario.xps
2014-07-02 19:36 - 2014-03-15 16:27 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-06-28 15:11 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 18:10 - 2014-06-28 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 20:22 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-06-29 20:18 - 2014-06-29 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-06-29 15:43 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-06-28 17:05 - 2014-06-20 15:41 - 00000000 ____D () C:\Users\Tammy\Desktop\2c Spaken
2014-06-28 15:55 - 2014-06-20 20:22 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Winamp
2014-06-28 15:31 - 2014-06-28 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 15:14 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Avg2014
2014-06-28 15:12 - 2014-06-28 15:12 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\AVG2014
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\$AVG
2014-06-28 15:11 - 2014-06-07 00:26 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TuneUp Software
2014-06-28 15:04 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\MFAData
2014-06-28 15:02 - 2014-06-28 15:01 - 155080296 _____ (AVG Technologies) C:\Users\Tammy\Downloads\avg_free_x86_all_2014_4714a7694.exe
2014-06-28 14:57 - 2014-06-28 14:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\dlg
2014-06-27 20:24 - 2014-03-15 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-06-23 21:36 - 2014-03-15 17:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-06-22 16:53 - 2014-03-15 17:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 16:53 - 2014-03-15 17:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 22:14 - 2014-07-10 15:16 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-10 15:16 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 09:17 - 2014-06-01 20:08 - 00000000 ____D () C:\Users\User\Desktop\muzika
2014-06-19 19:24 - 2014-06-19 19:24 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-19 19:24 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-06-19 19:24 - 2014-06-19 19:23 - 02143832 _____ () C:\Users\Tammy\Downloads\instsf449.exe
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Program Files\CPUID
2014-06-19 19:15 - 2014-06-19 19:15 - 01141408 _____ ( ) C:\Users\Tammy\Downloads\hwmonitor_1.25-setup.exe
2014-06-19 19:09 - 2014-06-13 20:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-19 03:39 - 2014-07-10 15:16 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-10 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-10 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-10 15:16 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-10 15:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-10 15:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-10 15:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-10 15:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-10 15:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-10 15:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-10 15:16 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-10 15:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-10 15:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-10 15:16 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-10 15:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-10 15:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-10 15:16 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-10 15:16 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-10 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-10 15:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-10 15:16 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-10 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-10 15:16 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-10 15:16 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-10 15:16 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-10 15:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-10 15:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 15:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-10 15:16 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-10 15:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-10 15:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 15:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-10 15:16 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-10 15:16 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-10 15:16 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-10 15:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-10 15:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-10 15:16 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 15:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 15:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-10 15:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 15:16 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-10 15:16 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 15:16 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-10 15:16 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-10 15:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 15:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 15:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 15:16 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-10 15:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-10 15:16 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-10 15:16 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-10 15:16 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-10 15:16 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-06-18 04:18 - 2014-07-10 15:14 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 15:14 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 15:14 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-15 22:31 - 2014-06-15 22:30 - 00000000 ____D () C:\Users\User\Desktop\mama

Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:32

==================== End Of Log ============================
         

15.07.2014, 19:26   #9
schrauber
/// the machine
/// TB trainer




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.07.2014, 19:37   #10
Kagami-Kun




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Tammy (administrator) on ADMIN on 18-07-2014 21:59:03
Running from C:\Users\Tammy\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [240992 2009-11-16] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1567794981-3600654592-3206697278-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.16.112.21 217.16.112.22

FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\jwj9jl6d.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-07-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (No Name) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-21]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (No Name) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-06-07]
CHR Extension: (Google-Suche) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-15]
CHR Extension: (No Name) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-06-07]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-15]
CHR Extension: (Virtual Keyboard) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Google Mail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-15] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-15] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 21:50 - 2014-07-18 21:50 - 00854390 _____ () C:\Users\Tammy\Downloads\SecurityCheck.exe
2014-07-18 17:56 - 2014-07-18 17:56 - 03071973 _____ () C:\Users\Tammy\Desktop\Steve Smith - Is She Not Enough_ (Full).m4a
2014-07-17 18:28 - 2014-07-18 19:01 - 00000000 ____D () C:\Users\Tammy\Desktop\ZUM SORTIEREN
2014-07-17 17:57 - 2014-07-17 17:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-17 17:56 - 2014-07-17 17:56 - 02347384 _____ (ESET) C:\Users\Tammy\Downloads\esetsmartinstaller_deu.exe
2014-07-16 16:43 - 2014-07-16 16:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6EA0172B.sys
2014-07-14 21:19 - 2014-07-18 21:59 - 00026942 _____ () C:\Users\Tammy\Downloads\FRST.txt
2014-07-14 21:19 - 2014-07-14 21:19 - 00000000 ____D () C:\Users\Tammy\Downloads\FRST-OlderVersion
2014-07-14 21:08 - 2014-07-14 21:08 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 21:04 - 2014-07-14 21:07 - 01016261 _____ (Thisisu) C:\Users\Tammy\Downloads\JRT.exe
2014-07-14 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-14 20:51 - 2014-07-14 20:54 - 00000000 ____D () C:\AdwCleaner
2014-07-14 20:45 - 2014-07-14 20:45 - 01348263 _____ () C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
2014-07-14 20:44 - 2014-07-14 20:44 - 00117163 _____ () C:\Users\Tammy\Desktop\mbam.txt.txt
2014-07-14 19:57 - 2014-07-18 20:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 19:56 - 2014-07-14 19:56 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 19:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 19:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 19:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 19:55 - 2014-07-14 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 19:56 - 2014-07-13 20:22 - 00000000 ____D () C:\Users\User\Desktop\dragana
2014-07-13 18:12 - 2014-07-13 18:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\NVIDIA
2014-07-11 19:36 - 2014-07-11 19:36 - 00030165 _____ () C:\ComboFix.txt
2014-07-11 19:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-11 19:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-11 19:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-11 19:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-11 19:02 - 2014-07-11 19:36 - 00000000 ____D () C:\Qoobox
2014-07-11 19:02 - 2014-07-11 19:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 18:58 - 2014-07-11 18:59 - 05218473 ____R (Swearware) C:\Users\Tammy\Downloads\ComboFix.exe
2014-07-11 18:53 - 2014-07-11 18:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 18:52 - 2014-07-11 18:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Downloads\revosetup95.exe
2014-07-10 18:39 - 2014-07-10 18:40 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\HpUpdate
2014-07-10 15:16 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:16 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:16 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:16 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:16 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:16 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:16 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:16 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:16 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:16 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:16 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:16 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:16 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:16 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:16 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:16 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:16 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:16 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:16 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:16 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:16 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:16 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:16 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:16 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:16 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:16 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:16 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:16 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:16 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:16 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:16 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:16 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:16 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:16 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:16 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:16 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:16 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:16 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:16 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:16 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:16 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:16 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:16 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:16 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:16 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:16 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:16 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:16 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:16 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:16 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:16 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:16 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:16 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:16 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:16 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:16 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:09 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:09 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:09 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 17:06 - 2014-07-08 17:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-07-08 15:07 - 2014-07-08 15:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-08 15:05 - 2014-07-08 15:05 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-08 15:03 - 2014-07-08 15:03 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 14:31 - 2014-07-08 14:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 14:30 - 2014-07-08 14:30 - 06263496 _____ (TeamViewer GmbH) C:\Users\Tammy\Downloads\TeamViewer_Setup_de-ckc(1).exe
2014-07-08 14:25 - 2014-07-18 21:59 - 00000000 ____D () C:\FRST
2014-07-08 14:23 - 2014-07-14 21:19 - 02086912 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2014-07-05 10:50 - 2014-07-05 10:50 - 00286324 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-07-04 16:27 - 2014-07-04 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView
2014-07-04 16:14 - 2014-07-04 16:14 - 00289428 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-07-04 16:14 - 2014-07-04 16:14 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-04 15:28 - 2014-07-04 15:30 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
2014-07-04 15:28 - 2014-07-04 15:28 - 06252036 _____ () C:\Users\Tammy\Downloads\paint.net.4.0.install.zip
2014-07-04 15:24 - 2014-07-07 19:53 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\IrfanView
2014-07-04 15:24 - 2014-07-07 19:53 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-04 15:23 - 2014-07-04 15:23 - 02197648 _____ (Irfan Skiljan) C:\Users\Tammy\Downloads\iview438g_setup.exe
2014-07-03 18:10 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\WEBREG
2014-07-03 18:09 - 2014-07-03 18:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\HP
2014-07-03 18:06 - 2014-07-03 18:06 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-07-03 18:04 - 2014-07-03 18:04 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-07-03 18:04 - 2014-07-03 18:04 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-07-03 18:03 - 2014-07-03 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 18:02 - 2010-01-20 20:03 - 01412224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04h.dll
2014-07-03 18:02 - 2010-01-20 20:03 - 01179776 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04h.dll
2014-07-03 18:02 - 2010-01-20 20:03 - 00525440 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll
2014-07-03 18:01 - 2010-01-20 20:03 - 00643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-07-03 18:01 - 2010-01-06 14:33 - 00138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll
2014-07-03 18:00 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-03 17:59 - 2014-07-03 18:10 - 00192758 _____ () C:\Windows\hpoins51.dat
2014-07-03 17:59 - 2014-07-03 18:10 - 00000782 _____ () C:\ProgramData\hpzinstall.log
2014-07-03 17:58 - 2014-07-03 18:09 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 16:52 - 2014-07-03 16:52 - 00094365 _____ () C:\Users\User\Documents\lkghöfg.xps
2014-07-03 16:50 - 2014-07-03 16:50 - 00672392 _____ () C:\Users\User\Documents\sfokjsd.xps
2014-07-03 16:47 - 2014-07-03 16:47 - 00094365 _____ () C:\Users\User\Documents\mario.xps
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-29 20:18 - 2014-06-29 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-06-29 15:43 - 2014-06-30 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-06-29 15:43 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-06-28 19:58 - 2014-06-28 19:58 - 03656034 _____ () C:\Users\Tammy\Desktop\Masked Bitch by Levi Rivaille (Shoose's version).m4a
2014-06-28 15:12 - 2014-06-28 15:12 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\AVG2014
2014-06-28 15:11 - 2014-07-01 18:10 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-28 15:11 - 2014-07-01 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-28 15:11 - 2014-06-28 15:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\$AVG
2014-06-28 15:04 - 2014-07-17 22:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-28 15:04 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Avg2014
2014-06-28 15:04 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\MFAData
2014-06-28 15:01 - 2014-06-28 15:02 - 155080296 _____ (AVG Technologies) C:\Users\Tammy\Downloads\avg_free_x86_all_2014_4714a7694.exe
2014-06-28 15:00 - 2014-07-14 20:54 - 00001083 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-28 14:57 - 2014-06-28 14:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\dlg
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-06-20 20:22 - 2014-06-28 15:55 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Winamp
2014-06-20 15:41 - 2014-06-28 17:05 - 00000000 ____D () C:\Users\Tammy\Desktop\2c Spaken
2014-06-20 15:16 - 2014-06-20 15:16 - 01879784 _____ () C:\Users\Tammy\Desktop\JBB 2013 - Punch Arogunz (Qualifikation).m4a
2014-06-19 19:24 - 2014-07-08 14:43 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-19 19:24 - 2014-06-19 19:24 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-19 19:24 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-06-19 19:23 - 2014-06-19 19:24 - 02143832 _____ () C:\Users\Tammy\Downloads\instsf449.exe
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Program Files\CPUID
2014-06-19 19:15 - 2014-06-19 19:15 - 01141408 _____ ( ) C:\Users\Tammy\Downloads\hwmonitor_1.25-setup.exe
2014-06-19 19:09 - 2014-06-13 20:51 - 00000030 _____ () C:\AVScanner.ini
2014-06-19 13:31 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2014-07-18 21:59 - 2014-07-14 21:19 - 00026942 _____ () C:\Users\Tammy\Downloads\FRST.txt
2014-07-18 21:59 - 2014-07-08 14:25 - 00000000 ____D () C:\FRST
2014-07-18 21:58 - 2014-03-15 17:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 21:50 - 2014-07-18 21:50 - 00854390 _____ () C:\Users\Tammy\Downloads\SecurityCheck.exe
2014-07-18 21:36 - 2014-03-15 18:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-18 21:17 - 2014-03-16 18:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Skype
2014-07-18 21:17 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 21:17 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 21:12 - 2014-03-15 19:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 20:57 - 2014-07-14 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 19:01 - 2014-07-17 18:28 - 00000000 ____D () C:\Users\Tammy\Desktop\ZUM SORTIEREN
2014-07-18 18:46 - 2014-03-15 17:15 - 00000000 ___RD () C:\Users\Tammy\Desktop\Tammy
2014-07-18 17:56 - 2014-07-18 17:56 - 03071973 _____ () C:\Users\Tammy\Desktop\Steve Smith - Is She Not Enough_ (Full).m4a
2014-07-18 17:21 - 2014-03-15 16:29 - 01754903 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 17:16 - 2014-03-15 17:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 17:16 - 2014-03-15 16:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-18 17:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 17:16 - 2009-07-14 06:51 - 00091490 _____ () C:\Windows\setupact.log
2014-07-17 22:23 - 2014-06-28 15:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-17 18:10 - 2014-03-15 17:12 - 00000000 ____D () C:\Users\Tammy\Desktop\Songs~
2014-07-17 17:57 - 2014-07-17 17:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-17 17:56 - 2014-07-17 17:56 - 02347384 _____ (ESET) C:\Users\Tammy\Downloads\esetsmartinstaller_deu.exe
2014-07-17 17:28 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-17 17:28 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-17 17:28 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 16:43 - 2014-07-16 16:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6EA0172B.sys
2014-07-15 20:37 - 2014-06-15 22:30 - 00000000 ____D () C:\Users\User\Desktop\mama
2014-07-14 21:19 - 2014-07-14 21:19 - 00000000 ____D () C:\Users\Tammy\Downloads\FRST-OlderVersion
2014-07-14 21:19 - 2014-07-08 14:23 - 02086912 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2014-07-14 21:08 - 2014-07-14 21:08 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 21:07 - 2014-07-14 21:04 - 01016261 _____ (Thisisu) C:\Users\Tammy\Downloads\JRT.exe
2014-07-14 20:57 - 2014-03-15 17:42 - 00316532 _____ () C:\Windows\PFRO.log
2014-07-14 20:54 - 2014-07-14 20:51 - 00000000 ____D () C:\AdwCleaner
2014-07-14 20:54 - 2014-06-28 15:00 - 00001083 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-14 20:54 - 2014-03-15 20:18 - 00000995 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 20:54 - 2014-03-15 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 20:45 - 2014-07-14 20:45 - 01348263 _____ () C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
2014-07-14 20:44 - 2014-07-14 20:44 - 00117163 _____ () C:\Users\Tammy\Desktop\mbam.txt.txt
2014-07-14 19:56 - 2014-07-14 19:56 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 19:56 - 2014-07-14 19:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 19:56 - 2014-07-14 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 20:22 - 2014-07-13 19:56 - 00000000 ____D () C:\Users\User\Desktop\dragana
2014-07-13 18:12 - 2014-07-13 18:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\NVIDIA
2014-07-12 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 22:29 - 2014-03-15 17:11 - 00000000 ____D () C:\Users\Tammy\Desktop\Desktop Bider -.-
2014-07-11 19:36 - 2014-07-11 19:36 - 00030165 _____ () C:\ComboFix.txt
2014-07-11 19:36 - 2014-07-11 19:02 - 00000000 ____D () C:\Qoobox
2014-07-11 19:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-11 19:33 - 2014-07-11 19:02 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 19:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-11 19:22 - 2009-07-14 04:34 - 77070336 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-11 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-11 18:59 - 2014-07-11 18:58 - 05218473 ____R (Swearware) C:\Users\Tammy\Downloads\ComboFix.exe
2014-07-11 18:53 - 2014-07-11 18:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 18:53 - 2014-07-11 18:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Downloads\revosetup95.exe
2014-07-10 18:40 - 2014-07-10 18:39 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\HpUpdate
2014-07-10 17:54 - 2009-07-14 06:45 - 00436408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 17:50 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 17:31 - 2014-04-30 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 17:30 - 2009-10-14 07:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 16:13 - 2014-06-09 13:25 - 00020480 ____H () C:\Users\Tammy\Desktop\photothumb.db
2014-07-09 17:12 - 2014-03-15 19:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 17:12 - 2014-03-15 19:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 17:12 - 2014-03-15 19:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 17:09 - 2014-03-15 22:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 16:59 - 2014-06-09 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 17:07 - 2014-03-15 19:15 - 00111832 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 17:06 - 2014-07-08 17:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-07-08 15:07 - 2014-07-08 15:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:07 - 2014-07-08 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-08 15:07 - 2014-06-19 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-08 15:05 - 2014-07-08 15:05 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-08 15:03 - 2014-07-08 15:03 - 00284288 _____ (Mozilla) C:\Users\Tammy\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 14:43 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-08 14:41 - 2014-03-15 20:22 - 00111832 _____ () C:\Users\Tammy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 14:31 - 2014-07-08 14:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TeamViewer
2014-07-08 14:31 - 2014-07-08 14:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 14:30 - 2014-07-08 14:30 - 06263496 _____ (TeamViewer GmbH) C:\Users\Tammy\Downloads\TeamViewer_Setup_de-ckc(1).exe
2014-07-07 21:47 - 2014-03-15 17:25 - 00000000 ___RD () C:\Users\Tammy\Desktop\tumblr
2014-07-07 21:43 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-07 19:53 - 2014-07-04 15:24 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\IrfanView
2014-07-07 19:53 - 2014-07-04 15:24 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-05 10:50 - 2014-07-05 10:50 - 00286324 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-07-05 08:01 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 16:27 - 2014-07-04 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView
2014-07-04 16:14 - 2014-07-04 16:14 - 00289428 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-07-04 16:14 - 2014-07-04 16:14 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-04 15:30 - 2014-07-04 15:28 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
2014-07-04 15:28 - 2014-07-04 15:28 - 06252036 _____ () C:\Users\Tammy\Downloads\paint.net.4.0.install.zip
2014-07-04 15:23 - 2014-07-04 15:23 - 02197648 _____ (Irfan Skiljan) C:\Users\Tammy\Downloads\iview438g_setup.exe
2014-07-03 18:11 - 2014-07-03 18:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\HP
2014-07-03 18:10 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\WEBREG
2014-07-03 18:10 - 2014-07-03 17:59 - 00192758 _____ () C:\Windows\hpoins51.dat
2014-07-03 18:10 - 2014-07-03 17:59 - 00000782 _____ () C:\ProgramData\hpzinstall.log
2014-07-03 18:09 - 2014-07-03 17:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-03 18:09 - 2009-07-14 04:34 - 00000438 _____ () C:\Windows\win.ini
2014-07-03 18:06 - 2014-07-03 18:06 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-07-03 18:06 - 2014-07-03 18:06 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-07-03 18:06 - 2014-07-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-03 18:06 - 2014-07-03 18:00 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-03 18:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-03 18:04 - 2014-07-03 18:04 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-07-03 18:04 - 2014-07-03 18:04 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-07-03 16:52 - 2014-07-03 16:52 - 00094365 _____ () C:\Users\User\Documents\lkghöfg.xps
2014-07-03 16:50 - 2014-07-03 16:50 - 00672392 _____ () C:\Users\User\Documents\sfokjsd.xps
2014-07-03 16:47 - 2014-07-03 16:47 - 00094365 _____ () C:\Users\User\Documents\mario.xps
2014-07-02 19:36 - 2014-03-15 16:27 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 18:10 - 2014-06-28 15:11 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 18:10 - 2014-06-28 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 20:22 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-06-29 20:18 - 2014-06-29 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-06-29 15:43 - 2014-06-29 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-06-28 19:58 - 2014-06-28 19:58 - 03656034 _____ () C:\Users\Tammy\Desktop\Masked Bitch by Levi Rivaille (Shoose's version).m4a
2014-06-28 17:05 - 2014-06-20 15:41 - 00000000 ____D () C:\Users\Tammy\Desktop\2c Spaken
2014-06-28 15:55 - 2014-06-20 20:22 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Winamp
2014-06-28 15:31 - 2014-06-28 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 15:14 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Avg2014
2014-06-28 15:12 - 2014-06-28 15:12 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\AVG2014
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-28 15:11 - 2014-06-28 15:11 - 00000000 ____D () C:\$AVG
2014-06-28 15:11 - 2014-06-07 00:26 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TuneUp Software
2014-06-28 15:04 - 2014-06-28 15:04 - 00000000 ____D () C:\Users\Tammy\AppData\Local\MFAData
2014-06-28 15:02 - 2014-06-28 15:01 - 155080296 _____ (AVG Technologies) C:\Users\Tammy\Downloads\avg_free_x86_all_2014_4714a7694.exe
2014-06-28 14:57 - 2014-06-28 14:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\dlg
2014-06-27 20:24 - 2014-03-15 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-06-27 15:05 - 2014-06-27 15:05 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-06-23 21:36 - 2014-03-15 17:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-06-22 16:53 - 2014-03-15 17:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 16:53 - 2014-03-15 17:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 22:14 - 2014-07-10 15:16 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-10 15:16 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 15:16 - 2014-06-20 15:16 - 01879784 _____ () C:\Users\Tammy\Desktop\JBB 2013 - Punch Arogunz (Qualifikation).m4a
2014-06-20 09:17 - 2014-06-01 20:08 - 00000000 ____D () C:\Users\User\Desktop\muzika
2014-06-19 19:24 - 2014-06-19 19:24 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-19 19:24 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-06-19 19:24 - 2014-06-19 19:23 - 02143832 _____ () C:\Users\Tammy\Downloads\instsf449.exe
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Program Files\CPUID
2014-06-19 19:15 - 2014-06-19 19:15 - 01141408 _____ ( ) C:\Users\Tammy\Downloads\hwmonitor_1.25-setup.exe
2014-06-19 19:09 - 2014-06-13 20:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-19 03:39 - 2014-07-10 15:16 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-10 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-10 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-10 15:16 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-10 15:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-10 15:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-10 15:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-10 15:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-10 15:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-10 15:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-10 15:16 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-10 15:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-10 15:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-10 15:16 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-10 15:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-10 15:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-10 15:16 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-10 15:16 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-10 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-10 15:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-10 15:16 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-10 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-10 15:16 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-10 15:16 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-10 15:16 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-10 15:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-10 15:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 15:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-10 15:16 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-10 15:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-10 15:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 15:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-10 15:16 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-10 15:16 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-10 15:16 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-10 15:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-10 15:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-10 15:16 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 15:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 15:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-10 15:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 15:16 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-10 15:16 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 15:16 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-10 15:16 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-10 15:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 15:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 15:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 15:16 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-10 15:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-10 15:16 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-10 15:16 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-10 15:16 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-10 15:16 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-06-18 16:53 - 2014-06-18 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-06-18 04:18 - 2014-07-10 15:14 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 15:14 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 15:14 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:32

==================== End Of Log ============================
         
--- --- ---



All the ads are gone! No ad pages open by themselves anymore, everything's great! Thank you so, so much! (:

One question: the code for Eset is far too long; may I just cut it somewhere in the middle and send it in two parts?

Alt 19.07.2014, 21:30   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Sure, you may do that.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 20.07.2014, 11:40   #12
Kagami-Kun
 
Oh damn. I was just about to paste it here; I had saved it in Word... I deleted it by accident... I'll run Eset again. Sorry :c

Alt 20.07.2014, 17:32   #13
schrauber
/// the machine
/// TB-Ausbilder
 

ok
__________________
Regards,
schrauber


Alt 21.07.2014, 15:45   #14
Kagami-Kun
 
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4410edc10f8aad4c8860f1e2d8ee3e48
# engine=19259
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-20 02:19:16
# local_time=2014-07-20 04:19:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 114215 92999940 0 0
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1293 16777213 100 100 13928 37340378 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3992670 157495806 0 0
# scanned=243273
# found=291
# cleaned=0
# scan_time=12727
sh=EF45D0610B9A2A125B94DECBC97442C2044DD54A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 1.zip"
sh=CAA56BB774697165C9C8097C40D531F7FFCD7803 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 11.zip"
sh=EE755B88C180E104B5683D8D9861C9F880F3EE60 ft=0 fh=0000000000000000 vn="Variante von Win32/BrowserCompanion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 13.zip"
sh=D8A06E8A8F3B6388F1006200873CCECC7ADD3FB6 ft=0 fh=0000000000000000 vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 15.zip"
sh=0990369A9A3E7221DE18AF674E68658033CD4161 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 16.zip"
sh=0C438D37157ED07075EDF559E3DA7B9B84965B0A ft=0 fh=0000000000000000 vn="Win32/Toolbar.CrossRider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 17.zip"
sh=D4BB8D4DD6141E3F550D7D57B57CDC857161723B ft=0 fh=0000000000000000 vn="OSX/ChatZum.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 7.zip"
sh=80672D16C8A6869FAEEE408DBA5B7577BF6C7AC3 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 8.zip"
sh=ADC736D664408A8327B74B856C129EEEB38C070F ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Lokaler Datenträger F\USER-PC\Backup Set 2013-03-09 152752\Backup Files 2013-03-09 152752\Backup files 9.zip"
sh=77782215196D26229160AD302E5B450EA7912EAF ft=1 fh=4a3e7ec558055b28 vn="Win32/Toolbar.Linkury evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll"
sh=23EDEB631CEC8FDD1EA70B10D235B5B92AE91235 ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\witmain.js"
sh=F55E393C4D57D21B480A31DD489F67EDBDBABFC3 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js"
sh=D4290B72810DBCDDFE49B3A887C32B8210448F23 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\flavour.js"
sh=96782E610940265452A5866899E108A440602F61 ft=1 fh=e2b5f6e68841dc2b vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\mgHelperGC.dll"
sh=102237472CEAAC2888FF21F2564A25A5DACB306F ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\newtab.js"
sh=9B267C770C94DDC2618C0556335D312BFD244E1E ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\toolbar.js"
sh=35C96F72A5D6A44FCE7CE68DF1BCAF7B48350091 ft=1 fh=a22e4ae349e54c97 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DIO5C2D\pcspeedup_3.2.6[1].exe"
sh=00F0F12B957C93533A4F8BBDA4669206292BC27A ft=1 fh=0527cfeaa2c1dfde vn="Variante von Win32/DealPly.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JZG3BTC\dpupdated2[1].exe"
sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENQUAQN2\SearchGolTB[1].exe"
sh=D1937AEB8ADBC5C7EB69C1AEFEEA4DEC6A1A90B5 ft=1 fh=e6c02fe7d3021daa vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAKGRJBS\wajam_downloadB[1].exe"
sh=4ED6E8313BB5164C001B08FDED409AE8C72530C6 ft=1 fh=8a8b19828fde40b4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTVXBGA3\statisticsstub[1].exe"
sh=3571F0FECC4226E53A1C4B595AA88CB82521C9C0 ft=0 fh=0000000000000000 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip"
sh=460FAB593C52A20FF1C135BCB9045359E8D08DA4 ft=1 fh=7d490d691a4e705b vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe"
sh=A0FD1396ED2D7B79BDFB9AF24FD98AC701632E07 ft=1 fh=32cb4b5a2245d585 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe"
sh=B3E9B985A45EF896577466209FC1FDEDB066EB70 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk"
sh=570EB9952C88AF1EBF1B6E444948897310CCDC6B ft=1 fh=8dd053864897c267 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe"
sh=369F318CC3EA2F94D60F4B9C2EC76515D847E5F3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Linkury evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\0Extension.crx"
sh=9FB11754FD928683EBC090166FE3657ECB9C5017 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Linkury evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\1Extension.crx"
sh=ACE127BFAABF83C085FE3111F46B374C37676CB2 ft=1 fh=826081d6bc50159e vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\BrowserHelper.exe"
sh=08DC1F9CEF796E4DF7232E321BD51DC23A5F2408 ft=1 fh=cd05000cdf916b32 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll"
sh=445EBA43B493191CB54E638A92FF5C4F105309BC ft=1 fh=cd642d3389171ecb vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\Smartbar.Resources.ProductsRemovalLibary.dll"
sh=E2CA9FD8D763CD3A0A5E7CAADAB4A720438B2A7A ft=1 fh=02aacdf87d9e7ecd vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll"
sh=793CEBA4611F4D01E75D7015F85C9CF7BAB667F2 ft=1 fh=7090fd408f4cf17d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\Smartbar.Resources.ShortcutsLibrary.dll"
sh=A011BC400665D52E3AA641EA76E73CC7A9A49FC0 ft=1 fh=8eb155e419ee26f3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll"
sh=4BC0F42F4A2040893479EDA04A71D2743E6F67DF ft=1 fh=a2032c384d8c136d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\Smartbar.Resources.UninstallScreen.dll"
sh=5BED6A3C4E4C26CBF517CA830BF86634AABC0B6D ft=1 fh=4b44fab4337351f7 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
sh=5BED6A3C4E4C26CBF517CA830BF86634AABC0B6D ft=1 fh=4b44fab4337351f7 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll"
sh=01E08B1F040A25086DC2C1C4C50E9AD4A164CBBE ft=1 fh=0ce31d75dd81f230 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
sh=01E08B1F040A25086DC2C1C4C50E9AD4A164CBBE ft=1 fh=0ce31d75dd81f230 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll"
sh=0DB7CDDBC723D62B07FA04C1B2BC3F2F0638F6A9 ft=1 fh=99433ad6718150fc vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe"
sh=BE3A5951F9D566E9C0B10B41781E42A3A8562B12 ft=1 fh=bfe637157b287a9d vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\busECF5\enhancedNT.dll"
sh=59322E934F7FCF5C2508D7722B5B7F656116C2DC ft=1 fh=9709d03929ece6e0 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct2269050\ffLogic.exe"
sh=CF00EBFB4D1BE91C5373F3009D528210E8BF3E1C ft=1 fh=f4b27fcb0e648a40 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct2269050\ieLogic.exe"
sh=5A0B2E3D7EA5AAACCC7AA2A579373021204BEDA1 ft=1 fh=572549f60b65a80d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct2269050\statisticsStub.exe"
sh=1D1CAEBD90ABD53555A4EE248088E8C57FB0ACD1 ft=1 fh=d85698c116f3f7d7 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct3227983\ffLogic.exe"
sh=4ED6E8313BB5164C001B08FDED409AE8C72530C6 ft=1 fh=8a8b19828fde40b4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct3227983\statisticsStub.exe"
sh=4BD1981BC6680B80697FECA143C8979A2A2CC336 ft=1 fh=b2dbe3fe8a6f36cd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct3244149\ffLogic.exe"
sh=4ED6E8313BB5164C001B08FDED409AE8C72530C6 ft=1 fh=8a8b19828fde40b4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ct3244149\statisticsStub.exe"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\E52C7B43-BAB0-7891-8536-496A0A826E97\Latest\BabMaint.exe"
sh=DED201AE02FB9EA3646489AFEDA49270C4620D9C ft=1 fh=c71c001196f8c3ac vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\E52C7B43-BAB0-7891-8536-496A0A826E97\Latest\BExternal.dll"
sh=1466BC1893B6D4B277A177CD2C7D1BEF65F6AAEB ft=1 fh=407239d3cdeb51cc vn="Win32/Toolbar.Babylon.U evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\E52C7B43-BAB0-7891-8536-496A0A826E97\Latest\CrxInstaller.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\E52C7B43-BAB0-7891-8536-496A0A826E97\Latest\IEHelper.dll"
sh=25EA5C7F4A48D166A2006CA37B936ECA340F58ED ft=1 fh=c71c0011e4611a52 vn="Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\E52C7B43-BAB0-7891-8536-496A0A826E97\Latest\MntrDLLInstall.dll"
sh=63B9ACAA33978D6BA181B45C51DABE9FF76B50AA ft=1 fh=75ac944de1f3f413 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\E52C7B43-BAB0-7891-8536-496A0A826E97\Latest\Setup.exe"
sh=351AAC3A6A5F4079D5D1DF602477874F15DA998A ft=1 fh=519ec74de0091ba2 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\F50E2B66-BAB0-7891-B6C8-7EF5E795B22B\Setup.exe"
sh=ACA968F5B84DEA1791FED5FA624C52A421B128E0 ft=1 fh=a2f09fc0c048064d vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\F50E2B66-BAB0-7891-B6C8-7EF5E795B22B\Latest\IECookieLow.dll"
sh=DE9869806B971E5B4770E3F1680DFF7A3FD902C3 ft=1 fh=601c77d4161c3318 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\F50E2B66-BAB0-7891-B6C8-7EF5E795B22B\Latest\IEHelper.dll"
sh=71252EE3B3C0BC079D35EA6A6CEDC9DA37AF2A88 ft=1 fh=7afcd91426c27a54 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\F50E2B66-BAB0-7891-B6C8-7EF5E795B22B\Latest\MyBabylonTB.exe"
sh=5EE25580D80E6E387576FAC8437DBD385A2313EF ft=1 fh=a6a73d7faa8d40bf vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\F50E2B66-BAB0-7891-B6C8-7EF5E795B22B\Latest\Setup.exe"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\ibtmpf564504\component_514.decrpt"
sh=D99FA9347B3E05EC6A36156323A5D53BE8F9F14F ft=1 fh=e9a3de554c15b3cd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\iNTERNET Turbo\conduitinstaller.exe"
sh=711D368DBFB68409C13E6ED447B5720AB444C2F9 ft=1 fh=49c3b4fd48feaaf1 vn="Variante von Win32/Toolbar.CrossRider.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\is87173921\IWantThis_IC_V3_ROW.exe"
sh=EB6AA6E142A33CEE2C2B47C3C201BDF6B28FA846 ft=1 fh=fc79af95b58d1e11 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\is87173921\MyBabylonTB.exe"
sh=0415C3339461F2950ADC445D04813DFF5E5A8133 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\Smartbar\LinkuryInstaller.msi"
sh=EA7B5B7C50F12076831302762947B75E0CC4D44F ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\YontooLayers\yl.js"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}\mgSqlite3.dll"
sh=A72DF8AB5727485D98B6520A2587285AFD0B728A ft=1 fh=154beeaa6fbb0958 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Local\Temp\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}\VistaCookiesCollector.exe"
sh=A24B9FB4F38473ECAC32B472CCE9B3491B81726C ft=1 fh=c71c0011b420df55 vn="Variante von Win32/BrowserCompanion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\BabSolution\Shared\BabMaint.exe"
sh=BE3A5951F9D566E9C0B10B41781E42A3A8562B12 ft=1 fh=bfe637157b287a9d vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\BabSolution\Shared\EnhancedNT.dll"
sh=404CCDD0C1EAD3AC4E636BB0CACF6A5B0558EDDD ft=1 fh=50f7a819ca7f850c vn="Variante von Win32/BrowserCompanion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\BrowserCompanion\tcbhn.exe"
sh=2D6B1EC0EFA47C992C32AD9CECFB0EC4543ACA0A ft=1 fh=7076499debea4e9c vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\dhfaynr4.default\extensions\ffxtlbr@delta.com\uninstall.exe"
sh=9CA4774891E9538150DBC295BC303D11173CE7FB ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\dhfaynr4.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}\chrome\content\dealplyshopping.xul"
sh=5FAFDC5C2F7BB903DE8A7BBBDB20D518949721B8 ft=1 fh=fb35a249052591d3 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe"
sh=176ADA30E0A869BA40FC6474C28A4B7D6F755E49 ft=1 fh=0e7592f605e8dd91 vn="Win32/Amonetize evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\OpenCandy\07A87980D94A40C9B7DD3FDF1DA0A213\setup_759.exe"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\OpenCandy\27FE09DCAF174B59B8ABB63889C7D278\DeltaTB.exe"
sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\OpenCandy\E4D683268FA24C43A60C33341CEDFA3D\SearchGolTB.exe"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\OpenCandy\FF1BDDC070334D468A1D123453FD016E\DeltaTB.exe"
sh=45EBE0FDE5DFE2D3680BB9EC4ACA875DE0F392EA ft=1 fh=c71c0011eeab8e7c vn="Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\AppData\Roaming\SpeedTestAnalysis\install_helper.exe"
sh=35C96F72A5D6A44FCE7CE68DF1BCAF7B48350091 ft=1 fh=a22e4ae349e54c97 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\Documents\PCSU_Update.exe"
sh=C24089D407E6280B79BEC86532E9DE0118E4DE71 ft=1 fh=c71c0011cedfdcb5 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\Tammy\Local Settings\Application Data\Bundled software uninstaller\biclient.exe"
sh=E8DED0A406425301A74C6BCDE4B71E0F1A3E3214 ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\witmain.js"
sh=BB01ED8E580FEAC55B8A3F6568A27D3EE8ECA32C ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.573_0\main.js"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.573_0\resources\localscript.js"
sh=F55E393C4D57D21B480A31DD489F67EDBDBABFC3 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js"
sh=D4290B72810DBCDDFE49B3A887C32B8210448F23 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\flavour.js"
sh=102237472CEAAC2888FF21F2564A25A5DACB306F ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\newtab.js"
sh=9B267C770C94DDC2618C0556335D312BFD244E1E ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\toolbar.js"
sh=42C28E041EA5F8B06D4857E8E6FCA75ABD4BCF2F ft=1 fh=b55fe72874790c5f vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DXXMQOE\tbedrs[1].dll"
sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K11C7D2O\tbedrs[1].dll"
sh=B8458F55612A39B66CB7511B83DF77158A6DC6B5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W406FRNA\GenericSS[1].zip"
sh=7812DFAFF64BAD239859813C5654B9ED16466339 ft=1 fh=148431a8262f735d vn="Win32/Conduit.SearchProtect.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W406FRNA\spstub[1].exe"
sh=AFFE6E9713E9A978FB02DDE2DC7B140AE7D49EEC ft=1 fh=ddacea57b1eca302 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Temp\HBZdIkNr.exe.part"
sh=A3E1C3254E599505A71C7842AF34C87496B94827 ft=1 fh=beba3bd1b6161ebb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Temp\is8XRj+L.exe.part"
sh=AFFE6E9713E9A978FB02DDE2DC7B140AE7D49EEC ft=1 fh=ddacea57b1eca302 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Temp\PnISbMt2.exe.part"
sh=D421183ABD3A0A203003C7E84DA5CFB71AF7E2B7 ft=1 fh=f8eb5f349708f3fe vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Temp\simbo.exe"
sh=A3E1C3254E599505A71C7842AF34C87496B94827 ft=1 fh=beba3bd1b6161ebb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\Local\Temp\ZAs__1xR.exe.part"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll"
sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll"
sh=A3E1C3254E599505A71C7842AF34C87496B94827 ft=1 fh=beba3bd1b6161ebb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\Downloads\iLividSetup-r390-n-bf.exe"
sh=B5406ABAF22C04B346B765B70CCBE96EBD92BA32 ft=1 fh=726dbab417421b85 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Daten alt\Daten Stojanovic\Users\User\Downloads\iLividSetup.exe"
sh=0C608E4A45B18C1A125192DE84998D83F5D2D423 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 10.zip"
sh=69B5551CF48555F51E020BACD729ACAD8EEEEDD5 ft=0 fh=0000000000000000 vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 104.zip"
sh=FAC424D57F0A05852B2C067C91A304E6330B2DDA ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 14.zip"
sh=05C61612267F375A3925F3B53F0AE03A97CD564E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 15.zip"
sh=1F9BA27DBC1EF58CB4B377978912C0C263965B58 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 16.zip"
sh=A2A5BE4F514835D04224A28EEAA6EA686A6AE1D8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 25.zip"
sh=949B7178D89D1D20AD59C6082EC1094B863C04D8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 26.zip"
sh=F3914F12487270452432119881332F3458F5060E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 28.zip"
sh=4DB9B20D21D6588CC5FE93DC62D469EF45FF9A8C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 3.zip"
sh=49FD76615A0C15B1526E5141D5AB9698588C9068 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 4.zip"
sh=FEE8766F218579034355773A285DA1053E6FF4BD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 46.zip"
sh=3755FFBA28BD3E23BA297523DBD4BAA4B905F914 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 5.zip"
sh=A24D3F6BD7B518A24CFADD3723FD1463ACAA7AEC ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 58.zip"
sh=2B46CB34B7DDBA5648C7AAA653F9F738A9489EEC ft=0 fh=0000000000000000 vn="Variante von Win32/AirAdInstaller.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 6.zip"
sh=F108E41FB70C3AB32F3F442AFF973F2F5891B5CE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 7.zip"
sh=4C1E558BE669FB7639BA949FD0E83BBBF23C872D ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 8.zip"
sh=7FACFF5BB62657D1CBE016816743645EC0726596 ft=0 fh=0000000000000000 vn="Variante von Win32/BrowserCompanion.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 82.zip"
sh=9AE8DC80831DB5C56DF1E7949720FBD33CED499D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 175007\Backup files 9.zip"
sh=AC47942403E51F31976CDDF7294CBB94A7DDA337 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 12.zip"
sh=4462EEF103FEE8A2A30E72624B4638A6F6BC7D4B ft=0 fh=0000000000000000 vn="OSX/ChatZum.C evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 143.zip"
sh=D52F6B9D54076ED253EEBE298AFEA38838E8135F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 155.zip"
sh=A6E54BB398C691D7468683AB9401F7BFAB63343A ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 166.zip"
sh=EDB13682C74EE801E328126A921DA60AB9737368 ft=0 fh=0000000000000000 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 178.zip"
sh=70B46F7C8E916CE57C31219F1BE60135217BB26E ft=0 fh=0000000000000000 vn="Win32/Toolbar.CrossRider.C evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 23.zip"
sh=2E96977743FEFF88C74BD53C26495DB39216E078 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-15 182218\Backup files 349.zip"
sh=F4870FA8B31E27881F63A218433A2075581CA94B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 10.zip"
sh=23B0FB17E6CD9BFA33E94804427FDAE4AAC279DD ft=0 fh=0000000000000000 vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 107.zip"
sh=53BF657EEEE4000D2C304E9BDA059C217AC1DCA9 ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 11.zip"
sh=9E1C5CF5BAB3A22460AEFC2246AB66D19DA504D4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 118.zip"
sh=E465D64A95D13ED791578CB35E82868CF48D03EF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 12.zip"
sh=17B1F064FA04CD0BFE7E30EC145AB9BF34B9F80A ft=0 fh=0000000000000000 vn="Win32/Toolbar.CrossRider.C evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 129.zip"
sh=14E070647AB516E98F313D2CB8C5023FBA2F1B68 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.L evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 13.zip"
sh=11AA72A6A5655FE904FF53193EE8282555C6C92E ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 22.zip"
sh=966166AD6EC9EBA86686D1961C978D6014458126 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 23.zip"
sh=969EB77731F560CA285795B3B4E2DFC4D4402F6B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 24.zip"
sh=9C6A086119A55CEF91E5493B974748032F22B77A ft=0 fh=0000000000000000 vn="OSX/ChatZum.C evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 249.zip"
sh=42FEB21AB8ACE89CA6E652A55B94091504B44C35 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 261.zip"
sh=49C322CEAA9AAE088B0E70CA3400BEDBB6D39867 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 272.zip"
sh=409AC7D3A8526FDA82FD2E2763B30C65872F8D29 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 28.zip"
sh=AB07A180268AF99EFBEDD0FFD498DC8311433620 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 4.zip"
sh=CCE34E002204B5B49BECF52C0EF8868054D3787E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 49.zip"
sh=6DA91AEACAE73555D2C2EF573115186A551152C8 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 5.zip"
sh=F86D19E60A4A163132ECC9A16F3D85608AFEA041 ft=0 fh=0000000000000000 vn="Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 6.zip"
sh=D4E24D959711931B8081F7776EF00FCBE29BB4E5 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 61.zip"
sh=19FB3662AD8F6DA4C34CCD1CCBE88B030BE2F81F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 7.zip"
sh=17379FCC9E9507727DC741C9DCBD77A5AF1F007E ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 8.zip"
sh=9B70DAA24C1C284EE2A7FD2A16BBA76DE1ADF1A9 ft=0 fh=0000000000000000 vn="Variante von Win32/BrowserCompanion.A evtl. unerwünschte Anwendung" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 85.zip"
sh=98E48D9E22529C129ECF7E20595F164B60238A48 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\ADMIN\Backup Set 2014-03-15 175007\Backup Files 2014-03-16 190001\Backup files 9.zip"
         

22.07.2014, 10:47   #15
schrauber
/// the machine
/// TB-Ausbilder
 



You can delete the backup on D and the old-data folder on the desktop; there is nothing but junk in them.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1404480652&from=slbnew&uid=ST500DM002-1BD142_S2AQK75DXXXXS2AQK75D&q={searchTerms}
CHR DefaultNewTabURL:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Restart your computer afterwards.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
