| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: nur Verknüpfungen auf externer Festplatte und SD-KarteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.10.2013, 10:18
| #1 |
 |  nur Verknüpfungen auf externer Festplatte und SD-Karte Liebes Trojaner-Board, seit etwa einem Monat zeigt meine externe Festplatte nur noch Verknüpfungen an, allein neu gespeicherte Daten kann ich öffnen. Dasselbe bei meiner Sd-Karte. Zusätzlich werden die Ordner Recycled (SD) und Thumbs, $RECYCLE.bin, .designerthumb (Festplatte) angezeigt. Bei einigen PC, an die ich die Festplatte angeschlossen hatte, kam eine Warnung bzgl. eines Trojaners. Kann ich meine Daten noch irgendwie retten? Grüße TLau |
|
23.10.2013, 11:36
| #2 |
| /// the machine /// TB-Ausbilder    | nur Verknüpfungen auf externer Festplatte und SD-Karte hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
23.10.2013, 16:58
| #3 |
| | nur Verknüpfungen auf externer Festplatte und SD-Karte Das aus FRST:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013
Ran by Tani (administrator) on TANI-VAIO on 23-10-2013 17:53:40
Running from C:\Users\Tani\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btmsrvview.exe
(Whilokii) C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
(Spotify Ltd) C:\Users\Tani\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(MindAd) C:\Users\Tani\Downloads\setup.exe
(@ ) C:\Users\Tani\AppData\Local\Temp\DownloadManager.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intel AT Service signup] - c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-15] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe [42536 2013-03-07] (MindSpark)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-03-13] (NVIDIA Corporation)
Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C05FC48508942C04&affID=121564&tt=230713_18220&tsp=4954
SearchScopes: HKCU - {8EAD5713-1176-441B-854A-0A9AFD637938} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511
BHO: CS Browser Assistant - {11111111-1111-1111-1111-110411181196} - C:\Program Files (x86)\CS Browser Assistant\CS Browser Assistant-bho64.dll No File
BHO: ElectroLyrics-16 - {11111111-1111-1111-1111-110411411152} - C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho64.dll No File
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Updater By Sweetpacks - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension64.dll No File
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll (Whilokii)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default
FF user.js: detected! => C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\user.js
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=C05FC48508942C04&affID=121564&tt=230713_18220&tsp=4954
FF SearchEngineOrder.1: Delta Search
FF Homepage: google.de
FF Keyword.URL: hxxp://mysearch.sweetpacks.com/?src=2&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com
FF Extension: FromDocToPDF - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\65ffxtbr@FromDocToPDF_65.com
FF Extension: No Name - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com
FF Extension: Delta Toolbar - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\ffxtlbr@delta.com
FF Extension: Whilokii - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF Extension: BonanzaDeals - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF Extension: firefox - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net.xpi
FF Extension: No Name - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (CS Browser Assistant) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0
CHR Extension: (ElectroLyrics-16) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0
CHR HKLM-x32\...\Chrome\Extension: [nibgmhfiionbhpeidijmiildfjnbbkic] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc)
R2 FromDocToPDF_65Service; C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-03-07] (COMPANYVERS_NAME)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [65304 2013-10-23] (Whilokii)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2012-02-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-23 17:53 - 2013-10-23 17:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-10-23 17:53 - 2013-10-23 17:53 - 00000000 ____D C:\FRST
2013-10-23 17:52 - 2013-10-23 17:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe
2013-10-23 11:15 - 2013-10-23 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-23 11:11 - 2013-10-23 11:11 - 00001461 _____ C:\Users\Tani\Desktop\Continue Music Remote.lnk
2013-10-23 11:10 - 2013-10-23 11:10 - 00614520 _____ (MindAd) C:\Users\Tani\Downloads\setup.exe
2013-10-22 13:18 - 2013-10-22 13:18 - 00000000 _____ C:\Windows\SysWOW64\shoB3D7.tmp
2013-10-22 09:48 - 2013-10-22 09:48 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-22 03:19 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-22 03:19 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-22 03:19 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-22 03:19 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-22 03:19 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-22 03:19 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-22 03:19 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-22 03:19 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-22 03:19 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-22 03:19 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-22 03:19 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-22 03:19 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-21 23:56 - 2013-10-21 23:56 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-21 23:38 - 2013-10-21 23:38 - 00000983 _____ C:\Users\Public\Desktop\Deluge.lnk
2013-10-21 23:38 - 2013-10-21 23:38 - 00000000 ____D C:\Program Files (x86)\Deluge
2013-10-21 23:37 - 2013-10-22 13:15 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-10-21 23:36 - 2013-10-22 13:15 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-10-21 23:36 - 2013-10-22 13:14 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-10-21 23:36 - 2013-10-21 23:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys
2013-10-21 23:36 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-10-21 23:36 - 2013-07-21 16:13 - 01656112 _____ C:\Windows\system32\dmwu.exe
2013-10-21 23:36 - 2013-07-21 16:10 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-10-21 23:35 - 2013-10-22 13:14 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper
2013-10-21 23:35 - 2013-10-21 23:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant
2013-10-21 23:34 - 2013-10-22 13:14 - 00000000 ____D C:\Users\Tani\AppData\Local\SwvUpdater
2013-10-21 23:34 - 2013-10-21 23:34 - 00001962 _____ C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2013-10-21 23:18 - 2013-10-21 23:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG
2013-10-21 22:24 - 2013-10-21 22:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe
2013-10-21 22:23 - 2013-10-21 22:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes
2013-10-21 22:21 - 2013-10-21 22:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 22:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-21 22:20 - 2013-10-21 22:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 22:19 - 2013-10-22 13:15 - 00000000 ____D C:\ProgramData\Systweak
2013-10-21 22:19 - 2013-10-22 12:25 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-21 22:19 - 2013-10-22 09:42 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-21 22:19 - 2013-10-22 09:41 - 00003318 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-21 22:19 - 2013-10-21 23:58 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-21 22:19 - 2013-10-21 22:19 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-21 22:19 - 2013-10-21 22:19 - 00001091 _____ C:\Users\Tani\Desktop\MyPC Backup.lnk
2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-21 22:19 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-21 22:18 - 2013-10-23 17:48 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-21 22:18 - 2013-10-23 11:06 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-21 22:18 - 2013-10-22 13:15 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Systweak
2013-10-21 22:18 - 2013-10-21 23:55 - 00000000 ____D C:\Users\Tani\AppData\Roaming\DigitalSite
2013-10-21 22:18 - 2013-10-21 22:18 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-21 22:18 - 2013-10-21 22:18 - 00003228 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-21 22:18 - 2013-10-21 22:18 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-10-21 22:18 - 2013-10-21 22:18 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B
2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-21 22:18 - 2013-07-22 16:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-10-21 22:04 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-21 22:04 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-21 22:04 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-21 22:04 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-21 22:04 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-21 22:04 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-21 22:04 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-21 22:04 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-21 22:04 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-21 22:04 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-21 22:04 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-21 22:04 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-21 22:04 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-21 22:04 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-21 22:04 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-21 22:04 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-21 22:04 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-21 22:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-21 22:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-21 22:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-21 22:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-21 22:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-21 22:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-21 22:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-21 22:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-21 22:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-21 22:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-21 22:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-21 22:04 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-21 22:04 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-21 22:04 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-21 22:04 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-21 22:04 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-21 22:04 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-21 22:04 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-21 22:04 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-21 22:04 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-21 22:04 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-21 22:04 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-21 22:04 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-21 22:04 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-21 22:04 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-21 22:04 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-21 22:04 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-21 22:04 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-21 22:04 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-21 22:01 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-21 22:01 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-21 22:01 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-21 22:01 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-21 22:01 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-21 22:01 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-21 22:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-21 21:57 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-21 21:57 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-21 21:57 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 21:57 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 21:56 - 2013-10-21 21:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-21 21:55 - 2013-10-22 13:15 - 00000000 ____D C:\ProgramData\BitGuard
==================== One Month Modified Files and Folders =======
2013-10-23 17:53 - 2013-10-23 17:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-10-23 17:53 - 2013-10-23 17:53 - 00000000 ____D C:\FRST
2013-10-23 17:52 - 2013-10-23 17:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe
2013-10-23 17:48 - 2013-10-21 22:18 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-23 17:48 - 2013-02-01 17:24 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Spotify
2013-10-23 17:48 - 2013-02-01 16:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-23 17:48 - 2013-02-01 15:39 - 01321161 _____ C:\Windows\WindowsUpdate.log
2013-10-23 11:25 - 2013-02-01 18:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Mozilla
2013-10-23 11:25 - 2013-02-01 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-23 11:16 - 2013-10-23 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-23 11:11 - 2013-10-23 11:11 - 00001461 _____ C:\Users\Tani\Desktop\Continue Music Remote.lnk
2013-10-23 11:10 - 2013-10-23 11:10 - 00614520 _____ (MindAd) C:\Users\Tani\Downloads\setup.exe
2013-10-23 11:06 - 2013-10-21 22:18 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-23 10:33 - 2009-07-14 06:51 - 00068566 _____ C:\Windows\setupact.log
2013-10-22 19:52 - 2013-02-01 22:30 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Skype
2013-10-22 18:47 - 2013-02-01 15:29 - 02117566 _____ C:\Windows\system32\perfh007.dat
2013-10-22 18:47 - 2013-02-01 15:29 - 00603196 _____ C:\Windows\system32\perfc007.dat
2013-10-22 18:47 - 2009-07-14 07:13 - 00006484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 18:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-22 13:33 - 2013-02-01 19:32 - 00000000 ____D C:\Users\Tani\AppData\Local\Spotify
2013-10-22 13:27 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 13:27 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 13:19 - 2010-11-21 05:47 - 00191442 _____ C:\Windows\PFRO.log
2013-10-22 13:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 13:18 - 2013-10-22 13:18 - 00000000 _____ C:\Windows\SysWOW64\shoB3D7.tmp
2013-10-22 13:15 - 2013-10-21 23:37 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-10-22 13:15 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-10-22 13:15 - 2013-10-21 22:19 - 00000000 ____D C:\ProgramData\Systweak
2013-10-22 13:15 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Systweak
2013-10-22 13:15 - 2013-10-21 21:55 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-22 13:15 - 2013-07-25 12:53 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-10-22 13:14 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-10-22 13:14 - 2013-10-21 23:35 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper
2013-10-22 13:14 - 2013-10-21 23:34 - 00000000 ____D C:\Users\Tani\AppData\Local\SwvUpdater
2013-10-22 12:25 - 2013-10-21 22:19 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-22 09:48 - 2013-10-22 09:48 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-22 09:42 - 2013-10-21 22:19 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-22 09:41 - 2013-10-21 22:19 - 00003318 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-22 09:41 - 2013-02-01 17:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-22 09:41 - 2013-02-01 17:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-22 09:38 - 2013-04-06 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-22 09:38 - 2013-04-06 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-22 09:38 - 2009-07-14 06:45 - 00329608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 03:21 - 2013-02-01 20:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-10-22 03:11 - 2013-08-15 00:47 - 00000000 ____D C:\Windows\system32\MRT
2013-10-22 03:03 - 2013-02-01 17:10 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-22 03:02 - 2013-02-01 17:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-22 03:02 - 2013-02-01 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-21 23:58 - 2013-10-21 22:19 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-21 23:56 - 2013-10-21 23:56 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-21 23:55 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\DigitalSite
2013-10-21 23:38 - 2013-10-21 23:38 - 00000983 _____ C:\Users\Public\Desktop\Deluge.lnk
2013-10-21 23:38 - 2013-10-21 23:38 - 00000000 ____D C:\Program Files (x86)\Deluge
2013-10-21 23:36 - 2013-10-21 23:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys
2013-10-21 23:36 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-10-21 23:35 - 2013-10-21 23:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant
2013-10-21 23:34 - 2013-10-21 23:34 - 00001962 _____ C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2013-10-21 23:18 - 2013-10-21 23:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG
2013-10-21 22:39 - 2013-02-01 16:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-21 22:39 - 2013-02-01 16:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 22:39 - 2013-02-01 16:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 22:24 - 2013-10-21 22:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe
2013-10-21 22:23 - 2013-10-21 22:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes
2013-10-21 22:21 - 2013-10-21 22:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 22:21 - 2013-10-21 22:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 22:19 - 2013-10-21 22:19 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-21 22:19 - 2013-10-21 22:19 - 00001091 _____ C:\Users\Tani\Desktop\MyPC Backup.lnk
2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-21 22:18 - 2013-10-21 22:18 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-21 22:18 - 2013-10-21 22:18 - 00003228 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-21 22:18 - 2013-10-21 22:18 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-10-21 22:18 - 2013-10-21 22:18 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B
2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-21 22:18 - 2013-02-01 17:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Google
2013-10-21 21:56 - 2013-10-21 21:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-26 01:46 - 2013-02-01 18:41 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-23 01:28 - 2013-10-22 03:19 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-22 03:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-22 03:19 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-22 03:19 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-22 03:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-22 03:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-22 03:19 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
Some content of TEMP:
====================
C:\Users\Tani\AppData\Local\Temp\022zin2k.dll
C:\Users\Tani\AppData\Local\Temp\944.6310117703399_Update.exe
C:\Users\Tani\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tani\AppData\Local\Temp\COMAP.EXE
C:\Users\Tani\AppData\Local\Temp\DownloadManager.exe
C:\Users\Tani\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Tani\AppData\Local\Temp\vpnclient_setup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-22 13:03
==================== End Of Log ============================
und hier Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2013
Ran by Tani at 2013-10-23 17:54:18
Running from C:\Users\Tani\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACID Music Studio 8.0 (x32 Version: 8.0.178)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.0.0)
Adobe AIR (x32 Version: 2.7.0.19460)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Amazon Send to Kindle (x32 Version: 1.0.0.192)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.161)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.457)
AuthenTec TrueSuite (Version: 5.2.0.675)
AuthenTec WinBio FingerPrint Software (Version: 3.2.1.1030)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bing Bar (x32 Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
BrainVoyager Brain Tutor (x32 Version: 1.2.1)
Build-a-lot 2 (x32 Version: 2.2.0.98)
Cake Mania (x32 Version: 2.2.0.98)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink PowerDVD (x32 Version: 9.0.5009.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Deluge 1.3.6 (x32)
Dolby Home Theater v4 (x32 Version: 7.2.7000.4)
DVD Architect Studio 5.0 (x32 Version: 5.0.157)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904)
FDUx86 (x32 Version: 1.0.0)
Fishdom (TM) 2 (x32 Version: 2.2.0.98)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426)
FromDocToPDF Toolbar (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Update Helper (x32 Version: 1.3.23.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.4.1441)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.0.0.0083)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086)
Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel(R) WiDi (Version: 3.1.26.0)
Intel(R) Wireless Display
Intel® AT Service signup (x32 Version: 2.0.0.3)
Intel® PROSet/Wireless WiFi-Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Internet Explorer Toolbar 4.9 by SweetPacks (x32 Version: 4.9.0000)
iTunes (Version: 11.0.1.12)
Java Auto Updater (x32 Version: 2.1.5.1)
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
Java(TM) 7 Update 1 (x32 Version: 7.0.10)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
KUx86 (x32 Version: 1.0.0)
Lollipop (HKCU)
Mahjongg Artifacts (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Gallery (Version: 2.1.0.13300)
Media Go (x32 Version: 2.0.317)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyFreeCodec (HKCU)
MyPC Backup (Version: )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
NVIDIA Grafiktreiber 296.18 (Version: 296.18)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (x32 Version: 9.11.1111)
NVIDIA PhysX-Systemsoftware 9.11.1111 (Version: 9.11.1111)
NVIDIA Systemsteuerung 296.18 (Version: 296.18)
NVIDIA Update Components (Version: 1.7.12)
Open It! (x32 Version: 1.1.1)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2)
PDF24 Creator 5.4.0 (x32)
Picasa 3 (x32 Version: 3.9)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayMemories Home (x32 Version: 6.1.01.14210)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849)
PlayStation(R)Store (x32 Version: 4.5.15.13232)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Bowler (x32 Version: 2.2.0.97)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PYV_x86 (x32 Version: 1.0.0)
QuickTime (x32 Version: 7.73.80.64)
R for Windows 3.0.0 (Version: 3.0.0)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6570)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92)
Remote Keyboard (x32 Version: 1.2.0.09270)
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090)
Samsung CLX-3300 Series (x32 Version: 1.01 (01.05.2012))
Samsung Easy Document Creator (x32 Version: 1.02.09 (25.04.2012))
Samsung Easy Printer Manager (x32 Version: 1.02.45.02(01.05.2012))
Samsung Kies (x32 Version: 2.5.1.12123_2)
Samsung Printer Live Update (x32 Version: 1.01.00.04)
Samsung Scan Process Machine (x32 Version: 1.00.18.04)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
Skype™ 6.1 (x32 Version: 6.1.129)
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
SSLx64 (Version: 1.0.0)
SSLx86 (x32 Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 16.0.0.5)
The Hidden Object Game Show (x32 Version: 2.2.0.97)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270)
TuneUp Utilities 2013 (x32 Version: 13.0.3000.132)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Updater By Sweetpacks 2.0.0.605 (Version: 2.0.0.605)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (Version: 1.0.00.01300)
VAIO - PlayMemories Home Plug-in (Version: 2.0.00.14200)
VAIO - Remote Play mit PlayStation®3 (x32 Version: 1.1.0.21090)
VAIO - Remote-Tastatur (x32 Version: 1.2.0.09270)
VAIO - Remote-Tastatur mit PlayStation®3 (x32 Version: 1.2.0.09210)
VAIO - TrackID™ mit BRAVIA (x32 Version: 1.2.0.09270)
VAIO Care (Version: 7.3.0.14170)
VAIO Control Center (x32 Version: 5.2.2.16060)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190)
VAIO Easy Connect (x32 Version: 1.1.2.01120)
VAIO Gate (x32 Version: 2.4.1.09230)
VAIO Gate Default (x32 Version: 2.5.2.02090)
VAIO Gesture Control (x32 Version: 1.0.0.12300)
VAIO Improvement (x32 Version: 1.3.0.12280)
VAIO Improvement Validation (Version: 1.0.4.01190)
VAIO Sample Contents (x32 Version: 1.4.2.09010)
VAIO Smart Network (x32 Version: 3.11.1.15220)
VAIO Update (x32 Version: 5.7.0.13130)
VAIO Update Merge Module x64 (Version: 5.7.13130)
VAIO*CPU-Lüfterdiagnose (x32 Version: 1.1.0.09200)
VAIO-Handbuch (x32 Version: 2.3.0.12300)
VAIO-Support für Übertragungen (x32 Version: 1.7.0.02231)
VBMx86 (x32 Version: 1.0.0)
VCCx64 (Version: 1.0.0)
VCCx86 (x32 Version: 1.0.0)
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256)
VHD (x32 Version: 1.0.0)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
VIx64 (Version: 1.0.0)
VIx86 (x32 Version: 1.0.0)
VLC media player 2.0.5 (x32 Version: 2.0.5)
VMLx86 (x32 Version: 1.0.0)
VPMx64 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VSNx86 (x32 Version: 1.0.0)
VSSTx64 (Version: 1.0.0)
VSSTx86 (x32 Version: 1.0.0)
VU5x64 (Version: 1.0.0)
VU5x86 (x32 Version: 1.0.0)
VWSTx86 (x32 Version: 1.0.0)
Whilokii 1.0.0 (Version: 1.0.0)
WildTangent Games App (x32 Version: 4.0.5.36)
WildTangent-Spiele (x32 Version: 1.0.2.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Zip Extractor Packages (HKCU)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (x32 Version: 15.4.5722.2)
Основи Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
==================== Restore Points =========================
10-08-2013 17:22:15 Windows Update
14-08-2013 07:43:55 Windows Update
14-08-2013 22:46:22 Windows Update
18-08-2013 19:54:25 Windows Update
21-10-2013 19:56:56 Windows Update
22-10-2013 01:00:55 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0DD753D1-C6D7-4923-904F-69A4388E0CF4} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {11DB8F54-6E8C-49F8-81EF-2D6194CF7FDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21] (Adobe Systems Incorporated)
Task: {1ADDB2C9-B9E1-49C9-AE2D-7D149B510EC1} - System32\Tasks\DigitalSite => C:\Users\Tani\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: {1D3E73D4-A405-4E91-8C0D-8ABE11C5AA93} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
Task: {26E9313C-7DAE-4F9C-8292-45B18C6CF851} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {2923F8CB-616E-48FB-9C58-457F9659B751} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {4CC52CB9-6C48-45D9-9B70-92A534BB7E2B} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {4CD8A0E3-AE9A-4CF9-ADC5-7552B12D0869} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {5ECB31E4-4C5A-4900-ABB6-184DE881841D} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {5F382F8C-034A-40B2-8708-7D7316C5CF81} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {63F44E44-CE1D-417E-9759-6D986C815DC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {64B25806-8A9D-4100-AEEB-CFF815354537} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software)
Task: {6B538DBA-05C8-4548-A968-EB635E39B63F} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: {7072416C-1B44-46A5-AFFB-69FC517EE8CF} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Windows\System32\net
Task: {748A002B-962C-4BC6-BD4B-AF27F9F840AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7696F97C-C03F-405C-B2EE-55B4AFEE74DE} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {8473D606-F9BD-4BB5-8346-CBD0A0F9117D} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe
Task: {8C3D8ACC-765F-44D7-8A67-4D44731C3D5F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {997033BE-F612-4E9F-A6EF-775065A1D350} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {A2BE3A3B-2EA1-4D82-8F95-4BFD06EDFD4D} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {AADC721E-8A14-4ECC-AE62-6C3CDE5EBA33} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {B439D0B2-C923-423E-8AFF-8C2A927DEA47} - System32\Tasks\EPUpdater => C:\Users\Tani\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {B508C7D3-92F4-4470-8B04-59C31C5B962B} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {BD68496D-0BC5-415A-8292-581E38D3678A} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C0199735-922B-4A29-A668-11CA5360A78A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {C7B76B13-36BE-4BB0-B90A-1A1B43F6F979} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: {CA0B504D-ED19-49FB-952C-65DD6BBF7A1B} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {D39542B3-BFEA-4947-A62B-D690119D3A03} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {D4BA6582-AFC8-4774-9815-E75989FC74F0} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {DAC9F6C6-5D8B-47F8-9583-B3BB01733BC3} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {E59CAFF7-D41B-492F-BE50-875C249CE7DC} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {E998B361-6677-4BA0-A12F-FCF007703CC3} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {F887DBC5-C694-47F0-98E9-FD8D577B8008} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Tani\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
==================== Loaded Modules (whitelisted) =============
2012-02-20 05:57 - 2012-02-20 05:57 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-02-20 05:57 - 2012-02-20 05:57 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-04-05 04:04 - 2012-04-03 22:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2011-11-30 19:49 - 2011-11-30 19:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2011-12-13 12:26 - 2011-12-13 12:26 - 00139264 _____ () C:\Program Files (x86)\Intel\Bluetooth\de\btmsrvview.resources.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-02-01 16:06 - 2012-04-06 15:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2013-08-15 09:20 - 2013-08-15 09:20 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll
2013-02-01 15:44 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-02-01 15:50 - 2012-03-23 10:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-10-25 16:13 - 2010-10-25 16:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-10-23 11:22 - 2013-10-23 11:22 - 00337920 _____ () C:\Program Files (x86)\Whilokii\bin\sqlite3.DLL
2013-02-01 17:24 - 2013-10-22 11:34 - 34604032 _____ () C:\Users\Tani\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-21 22:39 - 2013-10-21 22:39 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2013-10-22 11:34 - 2013-10-22 11:34 - 00747008 _____ () C:\Users\Tani\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-22 11:34 - 2013-10-22 11:34 - 00137216 _____ () C:\Users\Tani\AppData\Roaming\Spotify\Data\libegl.dll
2013-10-23 11:15 - 2013-10-23 11:16 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-09 01:00 - 2013-08-09 01:00 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-08-09 01:00 - 2013-08-09 01:00 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-09 01:00 - 2013-08-09 01:00 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows\system32\Drivers\zqsyhouh.sys:changelist
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065
Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065
Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7067
Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7067
Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6068
Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6068
Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/23/2013 00:14:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5054
System errors:
=============
Error: (10/22/2013 02:54:33 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (10/22/2013 01:20:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/22/2013 01:20:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/22/2013 01:20:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (10/22/2013 01:18:26 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (10/22/2013 09:47:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (10/22/2013 09:44:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
Error: (10/22/2013 09:39:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/22/2013 00:02:25 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (10/21/2013 11:58:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065
Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065
Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7067
Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7067
Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6068
Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6068
Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/23/2013 00:14:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5054
CodeIntegrity Errors:
===================================
Date: 2013-05-02 10:45:41.693
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:41.671
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:39.631
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:39.605
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:37.560
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:37.537
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:35.498
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:35.478
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:33.427
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-02 10:45:33.406
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 3995.28 MB
Available physical RAM: 1817.55 MB
Total Pagefile: 7988.73 MB
Available Pagefile: 4104.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.29 GB) (Free:365.17 GB) NTFS
Drive e: (TANI CAMERA) (Removable) (Total:1.89 GB) (Free:0 GB) FAT
Drive g: (INTENSO) (Fixed) (Total:465.64 GB) (Free:262.06 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9965FECF)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 1959C36A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
|
|
24.10.2013, 08:47
| #4 |
| /// the machine /// TB-Ausbilder | nur Verknüpfungen auf externer Festplatte und SD-Karte Externe und SD Karte anklemmen, dran lassen: Panda USB Vaccine - Download - Filepony laden und laufen lassen. Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.10.2013, 19:06
| #5 |
| | nur Verknüpfungen auf externer Festplatte und SD-KarteCode:
ATTFilter ComboFix 13-10-24.01 - Tani 24.10.2013 18:53:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3995.1449 [GMT 2:00]
ausgeführt von:: c:\users\Tani\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhbklcjlaailoapjipjnojcomechjoop_0
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhbklcjlaailoapjipjnojcomechjoop_0\3
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\background.html
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\crossriderManifest.json
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\manifest.xml
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins.json
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\1_base.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\17_jQuery.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\21_debug.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\22_resources.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\28_initializer.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\47_resources_background.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\64_appApiMessage.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\72_appApiValidation.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\userCode\background.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\extensionData\userCode\extension.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\icons\actions\1.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\icons\icon128.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\icons\icon16.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\icons\icon48.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\api\chrome.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\api\cookie.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\api\message.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\api\pageAction.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\api\pageActionBG.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\background.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\app_api.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\bg_app_api.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\consts.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\cookie_store.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\crossriderAPI.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\delegate.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\events.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\extensionDataStore.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\installer.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\logFile.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\logging.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\onBGDocumentLoad.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\popupResource\newPopup.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\popupResource\popup.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\reports.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\storageWrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\updateManager.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\util.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\lib\xhr.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\js\main.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\manifest.json
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0\popup.html
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\background.html
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\crossriderManifest.json
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\manifest.xml
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins.json
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\1_base.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\101_cortica_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\102_dealply_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\103_intext_5_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\105_corticas_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\107_coupish_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\108_icm_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\116_ads_only_5_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\119_similar_web_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\120_luck_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\129_widdit_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\138_getdeal_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\17_jQuery.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\170_icm1_5_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\21_debug.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\22_resources.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\28_initializer.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\47_resources_background.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\64_appApiMessage.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\7_hooks.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\72_appApiValidation.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\92_superfish_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\userCode\background.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\userCode\extension.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\icons\actions\1.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\icons\icon128.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\icons\icon16.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\icons\icon48.png
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\api\chrome.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\api\cookie.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\api\message.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\api\pageAction.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\api\pageActionBG.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\background.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\app_api.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\bg_app_api.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\consts.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\cookie_store.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\crossriderAPI.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\delegate.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\events.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\extensionDataStore.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\installer.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\logFile.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\logging.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\onBGDocumentLoad.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\popupResource\newPopup.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\popupResource\popup.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\reports.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\storageWrapper.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\updateManager.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\util.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\lib\xhr.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\js\main.js
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\manifest.json
c:\users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\popup.html
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome.manifest
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\asyncDB.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\background.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\browserAction.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\contextMenu.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\dbManager.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\dom_bg.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\fileManager.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\firefox.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\firefoxNotifications.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\firefoxOmnibox.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\message.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\pageAction.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\request.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\tabs.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\api\webRequest.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\background.html
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\baseObject.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\browser.xul
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\console.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\consts.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\delegate.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\extensionDataStore.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\folderIOWrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\httpObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\IDBWrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\installer.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\logFile.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\prefs.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\progressListenerObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\registry.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\reloadObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\reports.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\requestObject.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\searchSettings.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\uninstallObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\updateManager.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\utils.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\core\xhr.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\dialog.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\main.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\options.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\options.xul
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\chrome\content\search_dialog.xul
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\defaults\preferences\prefs.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\manifest.xml
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins.json
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\1_base.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\101_cortica_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\102_dealply_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\103_intext_5_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\105_corticas_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\107_coupish_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\108_icm_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\116_ads_only_5_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\119_similar_web_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\120_luck_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\129_widdit_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\138_getdeal_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\17_jQuery.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\170_icm1_5_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\21_debug.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\22_resources.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\28_initializer.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\47_resources_background.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\64_appApiMessage.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\7_hooks.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\72_appApiValidation.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\92_superfish_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\98_omniCommands.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\userCode\background.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\userCode\extension.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\install.rdf
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\locale\en-US\translations.dtd
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button1.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button2.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button3.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button4.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button5.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\crossrider_statusbar.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon128.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon16.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon24.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon48.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\panelarrow-up.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\popup.html
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\skin.css
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\update.css
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome.manifest
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\asyncDB.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\background.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\browserAction.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\contextMenu.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\dbManager.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\dom_bg.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\fileManager.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\firefox.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\firefoxNotifications.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\firefoxOmnibox.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\message.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\pageAction.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\request.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\tabs.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\webRequest.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\background.html
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\baseObject.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\browser.xul
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\console.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\consts.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\delegate.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\extensionDataStore.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\folderIOWrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\httpObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\IDBWrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\installer.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\logFile.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\prefs.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\progressListenerObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\registry.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\reloadObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\reports.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\requestObject.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\searchSettings.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\uninstallObserver.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\updateManager.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\utils.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\xhr.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\dialog.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\main.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\options.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\options.xul
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\search_dialog.xul
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\defaults\preferences\prefs.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\manifest.xml
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins.json
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\1_base.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\17_jQuery.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\21_debug.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\22_resources.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\28_initializer.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\47_resources_background.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\64_appApiMessage.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\72_appApiValidation.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\98_omniCommands.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\userCode\background.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\userCode\extension.js
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\install.rdf
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\locale\en-US\translations.dtd
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button1.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button2.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button3.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button4.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button5.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\crossrider_statusbar.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon128.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon16.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon24.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon48.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\panelarrow-up.png
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\popup.html
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\skin.css
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\update.css
c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-24 bis 2013-10-24 ))))))))))))))))))))))))))))))
.
.
2013-10-24 17:43 . 2013-10-24 17:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-24 17:43 . 2013-10-24 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-24 16:45 . 2013-10-13 22:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D24D14F1-1494-46D7-93A0-6E9B55EB6FB0}\mpengine.dll
2013-10-24 16:45 . 2013-10-24 16:45 -------- d-----w- c:\programdata\Panda Security
2013-10-24 16:44 . 2013-10-24 16:44 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-10-23 15:53 . 2013-10-23 15:53 -------- d-----w- C:\FRST
2013-10-23 08:44 . 2013-10-13 22:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-22 11:18 . 2013-10-22 11:18 0 ----a-w- c:\windows\SysWow64\shoB3D7.tmp
2013-10-21 21:38 . 2013-10-21 21:38 -------- d-----w- c:\program files (x86)\Deluge
2013-10-21 21:37 . 2013-10-22 11:15 -------- d-----w- c:\program files (x86)\SweetIM
2013-10-21 21:36 . 2013-10-21 21:36 -------- d-----w- c:\windows\SysWow64\jmdp
2013-10-21 21:36 . 2013-10-22 11:14 -------- d-----w- c:\windows\SysWow64\ARFC
2013-10-21 21:36 . 2013-07-21 14:13 1656112 ----a-w- c:\windows\system32\dmwu.exe
2013-10-21 21:36 . 2013-07-21 14:10 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-10-21 21:36 . 2013-10-22 11:15 -------- d-----w- c:\windows\SysWow64\WNLT
2013-10-21 21:36 . 2013-10-21 21:36 49872 ----a-w- c:\windows\system32\drivers\zqsyhouh.sys
2013-10-21 21:35 . 2013-10-21 21:35 -------- d-----w- c:\users\Tani\AppData\Local\CS Browser Assistant
2013-10-21 21:35 . 2013-10-22 11:14 -------- d-----w- c:\program files (x86)\CSBrowserHelper
2013-10-21 21:34 . 2013-10-22 11:14 -------- d-----w- c:\users\Tani\AppData\Local\SwvUpdater
2013-10-21 20:23 . 2013-10-21 20:23 -------- d-----w- c:\users\Tani\AppData\Roaming\Malwarebytes
2013-10-21 20:21 . 2013-10-21 20:21 -------- d-----w- c:\programdata\Malwarebytes
2013-10-21 20:21 . 2013-10-21 20:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-21 20:21 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-21 20:19 . 2013-10-22 11:15 -------- d-----w- c:\programdata\Systweak
2013-10-21 20:19 . 2013-10-21 20:19 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-10-21 20:19 . 2012-07-25 10:03 16896 ----a-w- c:\windows\system32\sasnative64.exe
2013-10-21 20:18 . 2013-10-22 11:15 -------- d-----w- c:\users\Tani\AppData\Roaming\Systweak
2013-10-21 20:18 . 2013-07-22 14:07 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-10-21 20:18 . 2013-10-23 09:06 -------- d-----w- c:\program files (x86)\Whilokii
2013-10-21 20:18 . 2013-10-21 20:18 -------- d-----w- c:\users\Tani\AppData\Roaming\0D0S1L2Z1P1B
2013-10-21 20:18 . 2013-10-21 21:55 -------- d-----w- c:\users\Tani\AppData\Roaming\DigitalSite
2013-10-21 20:18 . 2013-10-21 20:18 -------- d-----w- c:\program files (x86)\OpenIt
2013-10-21 20:01 . 2013-10-21 19:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EC171AF-13E3-42D9-8137-DA662C52F35D}\gapaengine.dll
2013-10-21 20:01 . 2013-07-03 04:40 42496 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-21 20:01 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-21 20:01 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-21 20:01 . 2013-09-14 01:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-21 20:01 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-21 20:01 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-10-21 20:00 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-10-21 19:57 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 19:57 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 19:57 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-21 19:57 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-21 19:55 . 2013-10-22 11:15 -------- d-----w- c:\programdata\BitGuard
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-21 20:39 . 2013-02-01 14:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 20:39 . 2013-02-01 14:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-25 23:46 . 2013-02-01 16:41 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-08-29 01:48 . 2013-10-21 20:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{204df522-9a96-4a72-abb0-60f7a216d6d2}]
2013-10-23 09:06 249624 ----a-w- c:\program files (x86)\Whilokii\WhilokiiBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-26 12:47 280736 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18706176]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Intel AT Service signup"="c:\program files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe" [2012-02-15 382976]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"FromDocToPDF Search Scope Monitor"="c:\progra~2\FROMDO~2\bar\1.bin\65srchmn.exe" [2013-03-07 42536]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-9-20 1953320]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update Whilokii;Update Whilokii;c:\program files (x86)\Whilokii\updateWhilokii.exe;c:\program files (x86)\Whilokii\updateWhilokii.exe [x]
S2 Util Whilokii;Util Whilokii;c:\program files (x86)\Whilokii\bin\utilWhilokii.exe;c:\program files (x86)\Whilokii\bin\utilWhilokii.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-26 12:47 340640 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-19 11406608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com/?src=2&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511&q=
FF - ExtSQL: 2013-10-05 03:05; firefox@whilokii.net; c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\firefox@whilokii.net.xpi
FF - ExtSQL: 2013-10-21 22:18; {f9d03c26-0575-497e-821d-f7956d23e0ca}; c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF - ExtSQL: 2013-10-21 23:35; ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com; c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com
FF - ExtSQL: 2013-10-21 23:35; 0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com; c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com
FF - ExtSQL: 2013-10-21 23:38; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2013-03-07 22:46; 65ffxtbr@FromDocToPDF_65.com; c:\program files (x86)\FromDocToPDF_65\bar\1.bin
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c05ff83e000000000000c48508942c04
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15911
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.012:53
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121564&tt=230713_18220&tsp=4954
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk - c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe -user_logon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110411181196} - c:\program files (x86)\CS Browser Assistant\CS Browser Assistant-bho64.dll
BHO-{11111111-1111-1111-1111-110411411152} - c:\program files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho64.dll
BHO-{DEDAF650-12B8-48f5-A843-BBA100716106} - c:\program files\Updater By Sweetpacks\Extension64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-lollipop - c:\users\tani\appdata\local\lollipop\lollipop.bat
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-24 19:46:10
ComboFix-quarantined-files.txt 2013-10-24 17:46
.
Vor Suchlauf: 11 Verzeichnis(se), 397.207.154.688 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 398.175.801.344 Bytes frei
.
- - End Of File - - 365BBC14FB85E1A1DAFA5E4868FA196B
Geändert von TLau (24.10.2013 um 19:12 Uhr) |
|
25.10.2013, 10:39
| #6 |
| /// the machine /// TB-Ausbilder | nur Verknüpfungen auf externer Festplatte und SD-Karte SD KArte im Explorer öffnen, Screenshot bitte von dem was du siehst. Verknüpfungen kannste du löschen wenn die Ordner wieder gehen.
__________________ --> nur Verknüpfungen auf externer Festplatte und SD-Karte |
|
25.10.2013, 12:34
| #7 |
| | nur Verknüpfungen auf externer Festplatte und SD-Karte Hier der Screenshot: |
|
26.10.2013, 12:01
| #8 |
| /// the machine /// TB-Ausbilder | nur Verknüpfungen auf externer Festplatte und SD-Karte Lässt Du auch versteckte Dateien anzeigen auf der SD KArte?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.10.2013, 09:29
| #9 |
| | nur Verknüpfungen auf externer Festplatte und SD-Karte Ja, die Einstellung ist aktiviert. |
|
27.10.2013, 17:37
| #10 |
| /// the machine /// TB-Ausbilder | nur Verknüpfungen auf externer Festplatte und SD-Karte Dann sollten aber die Original-Ordner auch da sein, nicht nur die Verknüpfungen. Was passiert wenn Du die Ordner öffnen willst?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.10.2013, 09:24
| #11 |
| | nur Verknüpfungen auf externer Festplatte und SD-Karte Dann zeigt sich dieses Fenster: |
|
28.10.2013, 13:47
| #12 |
| /// the machine /// TB-Ausbilder | nur Verknüpfungen auf externer Festplatte und SD-Karte Rechtsklick/Eigenschaften, welcher Pfad steht in der Verknüpfung?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.10.2013, 08:33
| #13 |
| | nur Verknüpfungen auf externer Festplatte und SD-Karte Folgendes: |
|
29.10.2013, 14:04
| #14 |
| /// the machine /// TB-Ausbilder | nur Verknüpfungen auf externer Festplatte und SD-Karte was ist Laufwerk G? MBAM bitte Vollscan aller Laufwerke: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.10.2013, 22:07
| #15 |
| | nur Verknüpfungen auf externer Festplatte und SD-Karte Laufwerk G ist die externe Festplatte, die allerdings zu dem Zeitpunkt gar nicht angeschlossen war. Das Logfile von Malware war leider verschwunden nach dem Neustart, hatte vergessen es zu speichern. Hier die restlichen: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Tani (administrator) on TANI-VAIO on 30-10-2013 22:03:10
Running from C:\Users\Tani\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Farbar) C:\Users\Tani\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intel AT Service signup] - C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-15] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-03-13] (NVIDIA Corporation)
Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {8EAD5713-1176-441B-854A-0A9AFD637938} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
BHO: CS Browser Assistant - {11111111-1111-1111-1111-110411181196} - C:\Program Files (x86)\CS Browser Assistant\CS Browser Assistant-bho64.dll No File
BHO: ElectroLyrics-16 - {11111111-1111-1111-1111-110411411152} - C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho64.dll No File
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nibgmhfiionbhpeidijmiildfjnbbkic] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-30 22:02 - 2013-10-30 22:03 - 01956614 _____ (Farbar) C:\Users\Tani\Downloads\FRST64(1).exe
2013-10-30 22:00 - 2013-10-30 22:01 - 00001827 _____ C:\Users\Tani\Desktop\JRT.txt
2013-10-30 21:54 - 2013-10-30 21:54 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 21:50 - 2013-10-30 21:50 - 01033335 _____ (Thisisu) C:\Users\Tani\Downloads\JRT.exe
2013-10-30 21:47 - 2013-10-30 21:47 - 00025543 _____ C:\Users\Tani\Desktop\AdwCleaner[S0].txt
2013-10-29 21:55 - 2013-10-30 21:45 - 00000000 ____D C:\AdwCleaner
2013-10-27 00:22 - 2013-10-28 09:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-25 08:06 - 2013-10-25 08:06 - 00000000 ____D C:\Users\Tani\Documents\Fax
2013-10-25 06:52 - 2013-10-25 06:52 - 13821642 _____ C:\Users\Tani\Downloads\Articles.zip
2013-10-24 22:19 - 2013-10-24 22:19 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Program Files\Microsoft Research
2013-10-24 21:27 - 2013-10-24 21:27 - 02534400 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-64-bit-Windows.msi
2013-10-24 21:25 - 2013-10-24 21:26 - 02270208 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-32-bit-Windows.msi
2013-10-24 18:46 - 2013-10-24 18:46 - 00094150 _____ C:\ComboFix.txt
2013-10-24 17:50 - 2013-10-24 18:46 - 00000000 ____D C:\Qoobox
2013-10-24 17:50 - 2013-10-24 18:46 - 00000000 ____D C:\ComboFix
2013-10-24 17:50 - 2013-10-24 18:44 - 00000000 ____D C:\Windows\erdnt
2013-10-24 17:50 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-24 17:50 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-24 17:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-24 17:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-24 17:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-24 17:50 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-24 17:50 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-24 17:50 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-24 17:47 - 2013-10-24 17:47 - 05136677 ____R (Swearware) C:\Users\Tani\Downloads\ComboFix.exe
2013-10-24 17:45 - 2013-10-24 17:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-24 17:44 - 2013-10-24 17:44 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-10-24 17:44 - 2013-10-24 17:44 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-10-24 17:42 - 2013-10-24 17:43 - 00848856 _____ (Panda Security ) C:\Users\Tani\Downloads\USBVaccineSetup.exe
2013-10-23 16:54 - 2013-10-23 16:58 - 00036576 _____ C:\Users\Tani\Downloads\Addition.txt
2013-10-23 16:53 - 2013-10-23 16:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-10-23 16:53 - 2013-10-23 16:53 - 00000000 ____D C:\FRST
2013-10-23 16:52 - 2013-10-23 16:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe
2013-10-23 10:15 - 2013-10-23 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-22 02:19 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-22 02:19 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-22 02:19 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-22 02:19 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-22 02:19 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-22 02:19 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-22 02:19 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-22 02:19 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-22 02:19 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-22 02:19 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-22 02:19 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-22 02:19 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-21 22:38 - 2013-10-21 22:38 - 00000000 ____D C:\Program Files (x86)\Deluge
2013-10-21 22:36 - 2013-10-21 22:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys
2013-10-21 22:35 - 2013-10-22 12:14 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper
2013-10-21 22:35 - 2013-10-21 22:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant
2013-10-21 22:18 - 2013-10-21 22:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG
2013-10-21 21:24 - 2013-10-21 21:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe
2013-10-21 21:23 - 2013-10-21 21:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes
2013-10-21 21:21 - 2013-10-21 21:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 21:21 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-21 21:20 - 2013-10-21 21:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 21:19 - 2012-07-25 11:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-21 21:18 - 2013-10-21 21:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B
2013-10-21 21:04 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-21 21:04 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-21 21:04 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-21 21:04 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-21 21:04 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-21 21:04 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-21 21:04 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-21 21:04 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-21 21:04 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-21 21:04 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-21 21:04 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-21 21:04 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-21 21:04 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-21 21:04 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-21 21:04 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-21 21:04 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-21 21:04 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-21 21:04 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-21 21:04 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-21 21:04 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-21 21:04 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-21 21:04 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-21 21:04 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-21 21:04 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-21 21:04 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-21 21:04 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-21 21:04 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-21 21:04 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-21 21:04 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-21 21:04 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-21 21:04 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-21 21:04 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-21 21:04 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-21 21:04 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-21 21:04 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-21 21:04 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-21 21:04 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-21 21:04 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-21 21:04 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-21 21:04 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-21 21:04 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-21 21:04 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-21 21:04 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-21 21:04 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-21 21:04 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-21 21:04 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-21 21:01 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-21 21:01 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-21 21:01 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-21 21:01 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-21 21:01 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-21 21:01 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-21 21:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-21 20:57 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-21 20:57 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-21 20:57 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 20:57 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-10-30 22:03 - 2013-10-30 22:02 - 01956614 _____ (Farbar) C:\Users\Tani\Downloads\FRST64(1).exe
2013-10-30 22:01 - 2013-10-30 22:00 - 00001827 _____ C:\Users\Tani\Desktop\JRT.txt
2013-10-30 21:54 - 2013-10-30 21:54 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 21:54 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 21:54 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 21:53 - 2013-02-01 14:29 - 02265486 _____ C:\Windows\system32\perfh007.dat
2013-10-30 21:53 - 2013-02-01 14:29 - 00650556 _____ C:\Windows\system32\perfc007.dat
2013-10-30 21:53 - 2009-07-14 06:13 - 00006484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 21:50 - 2013-10-30 21:50 - 01033335 _____ (Thisisu) C:\Users\Tani\Downloads\JRT.exe
2013-10-30 21:50 - 2013-02-01 14:39 - 01822998 _____ C:\Windows\WindowsUpdate.log
2013-10-30 21:47 - 2013-10-30 21:47 - 00025543 _____ C:\Users\Tani\Desktop\AdwCleaner[S0].txt
2013-10-30 21:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 21:46 - 2009-07-14 05:51 - 00069462 _____ C:\Windows\setupact.log
2013-10-30 21:45 - 2013-10-29 21:55 - 00000000 ____D C:\AdwCleaner
2013-10-30 21:45 - 2013-02-01 16:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-30 21:43 - 2013-02-01 15:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 19:08 - 2013-03-05 18:26 - 00000000 ____D C:\Users\Tani\Documents\Scannen
2013-10-30 07:54 - 2013-02-01 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-30 07:54 - 2010-11-21 04:47 - 00192408 _____ C:\Windows\PFRO.log
2013-10-30 07:52 - 2013-02-01 19:54 - 00000000 ____D C:\Users\Tani\AppData\Roaming\SoftGrid Client
2013-10-30 07:51 - 2013-02-01 16:24 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Spotify
2013-10-29 21:24 - 2013-08-11 18:32 - 00000000 ____D C:\Users\Tani\Tani
2013-10-29 21:24 - 2013-04-19 18:02 - 00000000 ____D C:\Users\Tani\Desktop\Tani
2013-10-29 21:23 - 2013-02-01 16:04 - 00000000 ____D C:\Users\Tani
2013-10-29 20:51 - 2013-02-01 18:32 - 00000000 ____D C:\Users\Tani\AppData\Local\Spotify
2013-10-29 20:29 - 2013-02-01 17:23 - 00000000 ____D C:\Users\Tani\Desktop\Uni
2013-10-29 11:16 - 2013-02-01 21:30 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Skype
2013-10-28 12:48 - 2013-02-02 09:53 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-10-28 09:19 - 2013-10-27 00:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-25 08:10 - 2013-02-02 08:12 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-10-25 08:09 - 2013-07-26 12:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-25 08:09 - 2013-02-01 16:08 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Adobe
2013-10-25 08:06 - 2013-10-25 08:06 - 00000000 ____D C:\Users\Tani\Documents\Fax
2013-10-25 08:06 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-25 06:52 - 2013-10-25 06:52 - 13821642 _____ C:\Users\Tani\Downloads\Articles.zip
2013-10-24 22:21 - 2013-02-13 09:54 - 00000000 ____D C:\Users\Tani\Documents\SelfMV
2013-10-24 22:19 - 2013-10-24 22:19 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-24 22:18 - 2013-02-01 14:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-24 22:17 - 2013-02-13 09:36 - 00000000 ____D C:\Users\Tani\AppData\Local\Downloaded Installations
2013-10-24 22:17 - 2013-02-02 08:11 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Program Files\Microsoft Research
2013-10-24 21:27 - 2013-10-24 21:27 - 02534400 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-64-bit-Windows.msi
2013-10-24 21:26 - 2013-10-24 21:25 - 02270208 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-32-bit-Windows.msi
2013-10-24 18:46 - 2013-10-24 18:46 - 00094150 _____ C:\ComboFix.txt
2013-10-24 18:46 - 2013-10-24 17:50 - 00000000 ____D C:\Qoobox
2013-10-24 18:46 - 2013-10-24 17:50 - 00000000 ____D C:\ComboFix
2013-10-24 18:46 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-10-24 18:44 - 2013-10-24 17:50 - 00000000 ____D C:\Windows\erdnt
2013-10-24 18:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-24 17:47 - 2013-10-24 17:47 - 05136677 ____R (Swearware) C:\Users\Tani\Downloads\ComboFix.exe
2013-10-24 17:45 - 2013-10-24 17:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-24 17:44 - 2013-10-24 17:44 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-10-24 17:44 - 2013-10-24 17:44 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-10-24 17:43 - 2013-10-24 17:42 - 00848856 _____ (Panda Security ) C:\Users\Tani\Downloads\USBVaccineSetup.exe
2013-10-23 16:58 - 2013-10-23 16:54 - 00036576 _____ C:\Users\Tani\Downloads\Addition.txt
2013-10-23 16:53 - 2013-10-23 16:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-10-23 16:53 - 2013-10-23 16:53 - 00000000 ____D C:\FRST
2013-10-23 16:52 - 2013-10-23 16:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe
2013-10-23 10:25 - 2013-02-01 17:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Mozilla
2013-10-23 10:16 - 2013-10-23 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-22 17:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-22 12:14 - 2013-10-21 22:35 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper
2013-10-22 08:41 - 2013-02-01 16:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-22 08:38 - 2013-04-06 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-22 08:38 - 2013-04-06 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-22 08:38 - 2009-07-14 05:45 - 00329608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 02:21 - 2013-02-01 19:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-10-22 02:11 - 2013-08-14 23:47 - 00000000 ____D C:\Windows\system32\MRT
2013-10-22 02:03 - 2013-02-01 16:10 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-22 02:02 - 2013-02-01 16:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-22 02:02 - 2013-02-01 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-21 22:38 - 2013-10-21 22:38 - 00000000 ____D C:\Program Files (x86)\Deluge
2013-10-21 22:36 - 2013-10-21 22:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys
2013-10-21 22:35 - 2013-10-21 22:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant
2013-10-21 22:18 - 2013-10-21 22:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG
2013-10-21 21:39 - 2013-02-01 15:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-21 21:39 - 2013-02-01 15:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 21:39 - 2013-02-01 15:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 21:24 - 2013-10-21 21:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe
2013-10-21 21:23 - 2013-10-21 21:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes
2013-10-21 21:21 - 2013-10-21 21:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 21:21 - 2013-10-21 21:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 21:18 - 2013-10-21 21:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B
2013-10-21 21:18 - 2013-02-01 16:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Google
Some content of TEMP:
====================
C:\Users\Tani\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-22 12:03
==================== End Of Log ============================
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Tani on 30.10.2013 at 21:54:50,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3266562472-1703614650-1015984034-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422182296}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422182296}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422412252}
~~~ Files
Successfully deleted: [File] "C:\Users\Tani\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] C:\Windows\syswow64\shoB3D7.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Tani\appdata\local\{385C3627-0A64-4DD9-A0F0-9EFED069501C}
Successfully deleted: [Empty Folder] C:\Users\Tani\appdata\local\{544E39AD-6A12-4AA5-BD0B-7291D9BB312E}
~~~ FireFox
Emptied folder: C:\Users\Tani\AppData\Roaming\mozilla\firefox\profiles\78qk6azx.default\minidumps [57 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.10.2013 at 22:00:47,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 30/10/2013 um 21:45:01
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Tani - TANI-VAIO
# Gestartet von : C:\Users\Tani\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : BackupStack
Dienst Gelöscht : FromDocToPDF_65Service
[#] Dienst Gelöscht : update whilokii
[#] Dienst Gelöscht : Util Whilokii
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\FromDocToPDF_65
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Whilokii
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Users\Tani\AppData\Local\FromDocToPDF_65
Ordner Gelöscht : C:\Users\Tani\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\65ffxtbr@FromDocToPDF_65.com
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Windows\System32\dmwu.exe
Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [65ffxtbr@FromDocToPDF_65.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Schlüssel Gelöscht : HKCU\Software\86db8fe234ef14
Schlüssel Gelöscht : HKLM\SOFTWARE\86db8fe234ef14
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186696}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186696}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Whilokii
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\FromDocToPDF_65
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Whilokii
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\wnlt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=C05FC48508942C04&affID=121564&tt=230713_18220&tsp=4954");
Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");
Zeile gelöscht : user_pref("extensions.aed1050190ac54666b53751b7d0aef96bb7c6859bad3040bea166552cb29db885com41896.41896.thankyou", "hxxp://crossrider.com/thank_you/41896");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141df1d4a5deee23f35cb88c98d039d7");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "c05ff83e000000000000c48508942c04");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15911");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.22.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.22.012:53:15");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.22.0");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121564&tt=230713_18220&tsp=4954");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=1C72CEF1-D763-4CB9-8BEB-CF22D9117A41&n=77fc6942&p2=^Y6^xdm043^YY^de&si=swissconverter");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013030722");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm043^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "1C72CEF1-D763-4CB9-8BEB-CF22D9117A41");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1383155971667");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://mysearch.sweetpacks.com/?src=2&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511&q=");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "google.de");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511");
*************************
AdwCleaner[R0].txt - [26701 octets] - [30/10/2013 08:03:39]
AdwCleaner[S0].txt - [25245 octets] - [30/10/2013 21:45:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25306 octets] ##########
|
|
| Themen zu nur Verknüpfungen auf externer Festplatte und SD-Karte |
| $recycle.bin, angeschlossen, dasselbe, daten, externe, externe festplatte, externer, festplatte, gen, geschlossen, neu, nur verknüpfungen, ordner, platte, recycle.bin, recycled, retten, sd-karte, troja, trojaner, verknüpfung, verknüpfungen, warnung, zusätzlich |
WARNUNG an die MITLESER: 
Linear-Darstellung
