
Log Analysis and Evaluation: Log evaluation of a virus-infested computer

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.07.2014, 14:26   #1
Andy666
 



We have a computer here that has been sitting in the corner for quite a while and is acting up like crazy...
As recommended, I downloaded the two programs, and this is the result....

Please help.


Code:
# AdwCleaner v3.301 - Bericht erstellt am 29/07/2014 um 15:15:54
# Aktualisiert 28/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Andreas - ANDREAS-ANDREAS
# Gestartet von : C:\Users\Andreas\Downloads\adwcleaner_3.301.exe
# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : BackupStack
[x] Nicht Gelöscht : Registry Helper Service
[x] Nicht Gelöscht : WajamUpdaterV3

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\Registry Helper
Ordner Gelöscht : C:\Program Files\Wajam
Ordner Gelöscht : C:\Windows\system32\SearchProtect
Ordner Gelöscht : C:\Users\Andreas\SearchProtect
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\HoolappforAndroid
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\iSafe
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\Extensions\staged\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\Andreas\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js

***** [ Tasks ] *****
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 29.07.2014
Scan Time: 14:57:43
Logfile: scan 1 andreas.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.29.03
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Andreas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291346
Time Elapsed: 8 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Wajam.A, C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe, 2356, , [72d5d2d36c0f05312c6fcb49c0446a96]

Modules: 0
(No malicious items detected)

Registry Keys: 68
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, , [82c5e3c2e29962d48d2c6e2958aa9f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, , [e85feabba6d5c076fcf0fe987d855fa1], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [c186871ef883e551506afa9d51b1738d], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [f750a9fca3d8ab8bbf427e191ee42ed2], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, , [99ae4d58542762d4084a5f38d32f32ce], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [fc4b0a9bd5a693a3b6e72e2fee14e31d], 
PUP.Optional.FindRight.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2C774641-5504-46A8-B63F-6715AE3FE376}, , [380fbaebc8b3112536929ac77f83da26], 
PUP.Optional.FindRight.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2C774641-5504-46A8-B63F-6715AE3FE376}, , [380fbaebc8b3112536929ac77f83da26], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [3d0af6af1b602b0b1533dc880af846ba], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO, , [3d0af6af1b602b0b1533dc880af846ba], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO.1, , [3d0af6af1b602b0b1533dc880af846ba], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [3d0af6af1b602b0b1533dc880af846ba], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [093e00a57dfe999dc53164fd4cb6867a], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [093e00a57dfe999dc53164fd4cb6867a], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [093e00a57dfe999dc53164fd4cb6867a], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, , [9daa1f8674072f076d3675219969ab55], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd, , [61e69e07cface94dd9c9960010f2f907], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd.1, , [61e69e07cface94dd9c9960010f2f907], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr, , [54f32b7a6b10053159482d6904fe7d83], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr.1, , [c285e1c487f446f0465b920439c9847c], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader, , [70d7c3e28deea2944e6d950139c9da26], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader.1, , [91b6fbaafa813df97348385e70927a86], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, , [5fe89b0aef8c64d21ecf2c6a0cf6817f], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, , [ae99a500245791a532bbb7dffe0445bb], 
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\awesomehpSoftware, , [dd6a9d0885f6ec4ad8adfef515ed53ad], 
PUP.Optional.Feven.A, HKLM\SOFTWARE\Feven Pro 1.2, , [5becced7e19aee486b0923b7e121e41c], 
PUP.Optional.FindRight.A, HKLM\SOFTWARE\FindRight, , [69deadf8e2990234095b8f6348bab749], 
PUP.Optional.MediaPlayerEnhance.A, HKLM\SOFTWARE\MediaPlayerEnhance, , [2b1c4e574338f0461e90539eee1407f9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam, , [4afda7fe7cff45f14900d255a16357a9], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.BHO, , [ba8d8c196318f93ddd5fdeef12f0a15f], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.BHO.1, , [dd6a980d5f1cf93d2b11b01dbd45f010], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.Sandbox, , [d37405a0512ab4826bd1d2fbcb378080], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.Sandbox.1, , [67e03570daa19e986fcdfad35ca63ac6], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051682.BHO, , [b394aafb08731e182913b6179d6541bf], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051682.BHO.1, , [5deae2c3abd0bc7a0b313c91000237c9], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051682.Sandbox, , [3512dec72457c86e9ca09835e51d59a7], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051682.Sandbox.1, , [b295a3022b5061d5a59714b9f909d32d], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\priam_bho.DLL, , [99aeb6ef9cdfcc6ad831df31d133fe02], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\INSTALLCORE\mysearchdial, , [98af7a2b0972a78fbb5810fc788c0ef2], 
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajamUpdaterV3, , [72d5d2d36c0f05312c6fcb49c0446a96], 
PUP.Optional.Feven.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Feven Pro 1.2, , [92b5fbaa334890a6fa7b6476f01258a8], 
PUP.Optional.FindRight.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FindRight, , [83c4f1b4fd7ebb7bfe679f53e02221df], 
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MediaPlayerEnhance, , [02455f461d5eb87ec9e651a0e31fbf41], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, , [69de92133744f93d8334fb1221e321df], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, , [48ffe4c1b2c9d165ceea9e6fd430c040], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [1c2be1c41b6046f067aa0d14db296997], 
PUP.Optional.Feven.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro 1.2, , [133425801b60ce68c9adfedc659dd52b], 
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, , [fc4b73325d1e84b2a10f8d6438ca7789], 
PUP.Optional.ViewPassword.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ViewPassword, , [2621a6ff6d0e5bdbb08e80540af87090], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, , [84c3663f48336fc710900409c83cbd43], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [ae9910959edd0333227747aff80a55ab], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, , [2f18a5009fdc59dd2745769ba2628779], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [c483e1c405760333b0071fed24e034cc], 
PUP.Optional.Feven.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Feven, , [55f20a9b601b8aac42ae52c8b054b24e], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, , [1e29bbeac2b9e74f010ac05033d106fa], 

Registry Values: 13
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{3004627E-F8E9-4E8B-909D-316753CBA923}, , [61e69e07cface94dd9c9960010f2f907], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{3004627E-F8E9-4E8B-909D-316753CBA923}, mysearchdial Toolbar, , [61e69e07cface94dd9c9960010f2f907]
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [c087bfe693e854e26f00ec77fd05f907], 
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [c087bfe693e854e26f00ec77fd05f907]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [c087bfe693e854e26f00ec77fd05f907]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [7ccbdcc9730834024f202241887ab64a], 
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\cho8hiap.default-1360004657178\extensions\quick_start@gmail.com, , [0c3b297cdf9c2b0b8d4a6d7d877bed13]
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WAJAM|red, 4, , [3a0dddc81467c076898323edbc481be5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|Verifier, b08309e23270abb5945b345c011641e1, , [84c3663f48336fc710900409c83cbd43]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1G1O1S0V1G1F, , [c483e1c405760333b0071fed24e034cc]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, , [c087d9ccaccfa690c61fc311ab5706fa]
PUP.Optional.Wajam.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, , [a7a06144b4c7dc5aaf6522bb4cb6c040]
PUP.Optional.Wajam.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 9001, , [1e29bbeac2b9e74f010ac05033d106fa]

Registry Data: 2
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1393597940&from=tugs&uid=WDCXWD1600JD-00HBB0_WD-WCAL92657842&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.awesomehp.com/web/?type=ds&ts=1393597940&from=tugs&uid=WDCXWD1600JD-00HBB0_WD-WCAL92657842&q={searchTerms}),,[f5526441f784d75fd5f2f0bea064857b]
PUP.Optional.Awesomehp.A, HKU\S-1-5-21-658410979-1812693143-141536986-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1393597940&from=tugs&uid=WDCXWD1600JD-00HBB0_WD-WCAL92657842&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.awesomehp.com/web/?type=ds&ts=1393597940&from=tugs&uid=WDCXWD1600JD-00HBB0_WD-WCAL92657842&q={searchTerms}),,[2324cadb59220036c1074f5fb84c4ab6]

Folders: 35
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Wajam.A, C:\Program Files\Wajam, , [5dea7a2b1b6092a4976a3d6de9197e82], 
PUP.Optional.Wajam.A, C:\Program Files\Wajam\Updater, , [5dea7a2b1b6092a4976a3d6de9197e82], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\icons_2.2.15.1631, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\UpdateProc, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, , [c384168f4833290d786f515baa584fb1], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, , [c384168f4833290d786f515baa584fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\userCode, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\icons, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\icons\actions, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\popupResource, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.SystemSpeedup, C:\Users\Andreas\AppData\Roaming\systweak\ssd, , [77d0f4b191ea11252fed279c8f7312ee], 
PUP.Optional.SupTab.A, C:\Users\Andreas\AppData\Roaming\SupTab, , [ee592f7683f869cd049dcafeae54c33d], 

Files: 311
PUP.Optional.SupTab.A, C:\Users\Andreas\AppData\Roaming\SupTab\SupTab.dll, , [d374acf9017a1a1c71f88fa620e07b85], 
PUP.Optional.SilenceInstall, C:\Users\Andreas\AppData\Roaming\VOPackage\Uninstall.exe, , [57f01b8a2f4c64d2c5260139926e10f0], 
PUP.Optional.SilenceInstall, C:\Users\Andreas\AppData\Roaming\VOPackage\VOPackage.exe, , [1f287332a0dbf34376750d2d24dc758b], 
PUP.Optional.DomalQ, C:\Users\Andreas\Documents\Downloads\Setup.exe, , [12350e97c4b7dc5a6f2a5231778ddb25], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\nskA0A.exe, , [a2a5fbaa532844f2e76994f728d9de22], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [58ef5d48c1bacb6b69e7226943bec63a], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsiA08C.exe, , [aa9db6efa0db4aecdf71c0cbcd349769], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsiE0F5.exe, , [90b7b9eca9d2270fbe923259b74a3fc1], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsuA33C.exe, , [7dca94111269999d7ad6c8c3c53cf50b], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsyE065.exe, , [a99ed1d4f2897db95cf4860553ae946c], 
PUP.Optional.MySearchDial.A, C:\Windows\System32\Tasks\MySearchDial, , [98af485d4a31e74fb3dc4b888f73ae52], 
PUP.Optional.ViewPassword.A, C:\Windows\System32\Tasks\View Password Update, , [1c2b1c89f982db5b79a3a0341de57b85], 
PUP.Optional.ViewPassword.A, C:\Windows\System32\Tasks\View Password_wd, , [ec5b822392e935011606b91b57ab2ed2], 
PUP.Optional.MySearchDial.A, C:\Windows\Tasks\MySearchDial.job, , [b6912a7b23583afc0a43b223a75bf808], 
PUP.Optional.Wajam.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage, , [05426342b8c3a09636a34d9b44be1ae6], 
PUP.Optional.FindRight.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi, , [96b1267ff2893ff70cea33b8857d26da], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\searchplugins\Mysearchdial.xml, , [4bfcc6df116acf677cdd95574fb34fb1], 
PUP.Optional.MediaPlayerEnhance.A, C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job, , [1c2b079e4b3062d4832aa0516c96dd23], 
PUP.Optional.MediaPlayerEnhance.A, C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job, , [63e4c8dd4b3082b4505d6d84b2509f61], 
PUP.Optional.MediaPlayerEnhance.A, C:\Windows\Tasks\MediaPlayerEnhance-enabler.job, , [75d2b9ece69502345459e809fa083dc3], 
PUP.Optional.MediaPlayerEnhance.A, C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job, , [4403e9bcfc7fa393b1fc688937cbc23e], 
PUP.Optional.MediaPlayerEnhance.A, C:\Windows\Tasks\MediaPlayerEnhance-updater.job, , [60e744618deede58d2db658c07fbda26], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\67.json, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\uninstallDlg.xml, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\UninstallManager.exe, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\bg1.png, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\button1.png, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\checked.png, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\close.png, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\min.png, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\Thumbs.db, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Awesomehp.A, C:\Users\Andreas\AppData\Roaming\awesomehp\images\unchecked.png, , [e56271346516cf67ce92876c89793dc3], 
PUP.Optional.Wajam.A, C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe, , [72d5d2d36c0f05312c6fcb49c0446a96], 
PUP.Optional.Wajam.A, C:\Program Files\Wajam\Updater\update.exe, , [5dea7a2b1b6092a4976a3d6de9197e82], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\icons_2.2.15.1631\62.ico, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\icons_2.2.15.1631\80.ico, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\UpdateProc\config.dat, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\UpdateProc\info.dat, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe, , [a1a633727902072fbb679e0c13ef7987], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, , [c384168f4833290d786f515baa584fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\background.html, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\chromeCoreFilesIndex.txt, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\crossriderManifest.json, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\manifest.json, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\popup.html, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\manifest.xml, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins.json, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\102_dealply_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\103_intext_5_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\104_jollywallet_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\13_CrossriderAppUtils.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\14_CrossriderUtils.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\155_ibario_pops_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\177_crossriderDashboard.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\17_jQuery.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\182_openUrl.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\183_tabsWrapper.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\184_noproblemppc_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\190_pops_5_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\191_ciuvo_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\19_CHAppAPIWrapper.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\1_base.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\207_dbWrapper.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\21_debug.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\22_resources.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\28_initializer.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\47_resources_background.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\4_jquery_1_7_1.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\64_appApiMessage.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\72_appApiValidation.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\78_CrossriderInfo.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\80_CHPopupAppAPI.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\91_monetizationLoader.js.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\93_superfish_no_coupons_m.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\97_resourceApiWrapper.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\userCode\background.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\userCode\extension.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\icons\icon128.png, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\icons\icon16.png, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\icons\icon48.png, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\icons\actions\1.png, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\background.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\main.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\platformVersion.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api\chrome.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api\cookie.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api\message.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api\monitor.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api\pageAction.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\api\pageActionBG.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\app_api.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\bg_app_api.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\consts.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\cookie_store.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\crossriderAPI.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\delegate.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\events.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\extensionDataStore.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\installer.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\logFile.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\logging.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\onBGDocumentLoad.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\reports.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\storageWrapper.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\updateManager.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\util.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\xhr.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\popupResource\newPopup.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\js\lib\popupResource\popup.js, , [014665401863cc6a58050aa343bf41bf], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome.manifest, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\install.rdf, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\04d542d84d2a7706a5bbdbe2f23ee719.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\086faaa9095206e331d890ee911a6b14.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\15cdae76e619f0e15c96f307e56476cd.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\1e923434bb15ac7d2e0b59ea3617b4a4.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\26f78072773f5c510d09f76007d27e46.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\background.html, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\browser.xul, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\df8dc48947b2afaeb5c8b4599f63d69e.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\dialog.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\ffCoreFilesIndex.txt, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.xul, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\search_dialog.xul, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\12040f818b5aa57008a12a0315b724da.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\292954d439db29ca5af9ed2e5cf79553.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\389e6592eedd39c3b476bfb9592957f5.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\38e7287477b25cd0a727a1c0d5d4a8d7.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\39dfdeaa0f7ab61c3ab528953da7b20b.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\51fb8d02dfecd9810f77a756dab286f4.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\62b8170674c1eecc74217d0edf16a88f.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\6894b8180c3f002e00aac9d69bf4b218.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\74578d89f9794a833a004372a47d02e6.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\9c69143d1bc9cf5182d63b78010b5dd0.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\b4f3ef04906833ebe31707f48c7b10f7.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\dbe9fa9312a83ef288a8b9a11b782816.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\e0528c29b4b76ae454dd32b4f90ba489.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\e8e0cdca4f69cd59cebcda4a5a068d28.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\fd11bb413f009baa0c43c492f32ab469.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\fffb91a09ad9dbab07d39f341e3c9ce0.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\155caef788f51e57a48f5475610ae2ee.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\196bb277a53dc2d2b7096784f8e4b824.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\1973d3913b744136a90f98fed74839dd.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\2cc0f0d222b6a06e9c40286335576742.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\4cd532c6eae476e1474f7f5acb1415e6.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\5bb41f07ea6db06a89b6ad9bdbe0bc17.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\784eae0c29c457cbec2431127f937568.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\7ce04b2947b7cf4902e3bc3a3b9f7d41.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\80795ac513f8eefefcbf19e6a2ab9f62.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\8cc628b090aea6fc6ad5c8d86d3703a2.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\9499d57ef8c213406c9c1b83617ac602.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\958c372f646c76600bba2ca85d1d3020.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\9cc5ae6e2667e5e74bad6b1b6a4feb56.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\ac919b8c0894777ad7d894b167cc68ca.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\bd49ee42f2ab163745fef83fabf9abcb.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\c112b30db420a802f30d41c470324f0b.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\c6ace4201b6fca12d6d42ab706e93417.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\d2e41b4a66355d5142b395b942c9ea6b.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\f3fb888062cffd23efaf3fc752b4adda.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\fb52286059e1259beb4ca89fbeb82ff1.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\installer.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences\prefs.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\manifest.xml, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins.json, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\223.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\1.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\13.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\16.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\17.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\177.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\180.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\182.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\183.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\195.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\207.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\21.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\211.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\22.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\220.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\221.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\226.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\242.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\244.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\246.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\260.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\262.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\263.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\268.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\273.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\28.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\281.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\284.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\286.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\287.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\288.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\289.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\291.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\4.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\7.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\72.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\78.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\9.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\98.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\background.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\extension.js, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US\translations.dtd, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button1.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button2.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button3.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button4.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button5.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\crossrider_statusbar.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon128.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon16.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon24.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon48.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\panelarrow-up.png, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\popup.html, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\skin.css, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\update.css, , [ac9b4a5bc9b21521298ffeb10ef44fb1], 
PUP.Optional.SystemSpeedup, C:\Users\Andreas\AppData\Roaming\systweak\ssd\SSDPTstub.exe, , [77d0f4b191ea11252fed279c8f7312ee], 
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (	"homepage" : "hxxp://start.mysearchdial.com/?f=1&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir=",), ,[bc8b2c792e4d74c26fb4edfc3ec6d12f]
PUP.Optional.CrossRider.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14479ab4fc2376126ad4ef0c0d240891");), ,[b0974d5886f5e4523c439b4dc24223dd]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[ef58d7ce8cef092d266bfbee61a304fc]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "orgnl");), ,[3116c7de7dfe52e4078a4a9f659fa25e]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), ,[54f3adf86d0ef73fa5ec41a8f90bef11]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), ,[054241647cffa393eba66782ed17c739]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "de");), ,[6add65400477e254d6bbc2276c988878]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), ,[20273f667dfe290dff9208e181830ff1]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), ,[f84f51540f6c61d55b3635b47391966a]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "28f809be0000000000000024210d4b24");), ,[71d603a29be0c86ed2bf589132d223dd]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16280");), ,[59eec0e5a9d247ef1180cb1e8381be42]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), ,[0a3df5b092e93600771affeae123a25e]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), ,[4ff85a4b81faf541b2df2fbab054d22e]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), ,[54f3c5e094e77fb7702137b2ca3af907]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), ,[0b3cdbca700b51e59bf62fbad52fa45c]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), ,[89bedfc69cdf87afafe2a1483cc8f808]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), ,[291e564fb6c5b086bcd5da0f778d8977]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=28F80024210D4B24&affID=117662&tl=11314_&tsp=5323");), ,[f453c3e217649f97464b5792ba4a29d7]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), ,[8abd683d5328a3935f32a2471aeac937]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=28F80024210D4B24&affID=117662&tl=11314_&tsp=5323");), ,[f84f8223fd7e45f1fe93e50418ec33cd]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), ,[0b3c70350a71ac8a7a178762699b4cb4]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.710:46:22");), ,[c97e8c19c1bab97da4ed737632d209f7]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), ,[c97e4b5a4536999d7a170ddc4fb50af6]
PUP.Optional.BuenoSearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=28F80024210D4B24&affID=117662&tl=11314_&tsp=5323");), ,[b88f3f666e0dd75fddb53dab2fd5619f]
PUP.Optional.BuenoSearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=28F80024210D4B24&affID=117662&tl=11314_&tsp=5323");), ,[36115d488af195a1f89a737522e27789]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "28f809be0000000000000024210d4b24");), ,[80c71d887cffdf577c14eaffd82c44bc]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), ,[2c1b82232853fe388a06eaffd82c6997]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16280");), ,[df68a7fe1b60999d553b09e0de2638c8]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), ,[c186d0d5d2a9fa3c2b6516d39c6812ee]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), ,[57f06b3aaad175c1414f7d6c7f8533cd]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.710:46:22");), ,[65e2fca9205bcc6aff91b93030d49e62]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), ,[192e0d98b5c656e078188663d034926e]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), ,[3314f7aeee8d51e500904d9c7c880ef2]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "orgnl");), ,[470050559ae1f93dfa96648524e0a35d]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), ,[49fe0d98255658de8d03db0ef60e916f]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), ,[78cffca987f41422c8c841a8b4502bd5]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), ,[a3a4a500df9ce3530d833dac887c0df3]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "de");), ,[65e2bce9d1aa330398f88465986cf010]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), ,[2c1b8520c6b51b1b1d7321c8b3519868]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), ,[2324cadb0a71aa8c89071acf4bb9e51b]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[21267b2ad0ab8bab325e4d9c59ab60a0]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), ,[83c4663f3d3e2214c1cf905964a0916f]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), ,[1730e2c3413a0531ace4f0f94eb6cb35]
PUP.Optional.BuenoSearch, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), ,[0542b0f50a71dd593a5628c123e1c739]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir=");), ,[f354099c5a2104324577a64228dc9e62]
PUP.Optional.MySearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.aflt", "cmi0301ff");), ,[84c36a3bbac1aa8cb8c6e404a163a957]
PUP.Optional.MySearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.instlRef", "");), ,[2d1a4263b7c43afc384601e78d77cf31]
PUP.Optional.MySearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "1654670423");), ,[b790ebbae99272c4a8d616d2b054a858]
PUP.Optional.MySearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");), ,[1f285451f388dd59acd237b19e6654ac]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), ,[78cf9b0a86f5c670097e4f9915efc43c]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir=");), ,[2a1dccd93942ef474740ab3dfa0ad729]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), ,[e95e94117dfed462a6e106e2d034ea16]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), ,[85c2f0b56813c670fa8dce1aa1635ba5]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), ,[0c3b7a2b502b2115c1c604e4b64e3cc4]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), ,[e0671293de9ddd5946413cacc83c12ee]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir=");), ,[f94eaef74d2e3006aed9e800f50ffe02]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir=&q=");), ,[b295267fed8e91a576113eaa3bc99967]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "0024210D4B2409BE");), ,[cd7a7e27cfac999db8cf15d314f0de22]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16129");), ,[de69dacb9ddea6907c0ba543da2a8080]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), ,[1b2c9f0625563df9f295ac3ca3616997]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), ,[e760921349324de9483f4c9c34d0f50b]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:41:34");), ,[3611e5c00576d0668ef930b81aeab947]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), ,[8dbae3c2ccafba7c8502519715eff50b]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), ,[1136a9fc90eba591dbac36b2778d54ac]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "cmi0301ff");), ,[90b71f86c7b45fd70d7ae50371937b85]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), ,[2a1d594c94e7cf67fb8c5b8d6b9935cb]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), ,[9cab465fc0bb0432acdbf7f1d52ff709]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "");), ,[f255c7dea6d552e4f295f2f6c73d8c74]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), ,[59ee2f76c7b4e4526324866251b3e818]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), ,[5aed93124932ab8b582f63854fb5a35d]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), ,[380f85202853e551325523c508fcd52b]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.hmpg", true);), ,[c0875f46ccafb581d5b20eda1be9916f]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "1654670423");), ,[4cfbb0f5225986b013747f699074db25]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");), ,[cb7c772e097243f3bec9aa3e28dca65a]
PUP.Optional.MySearchDial.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ahbs6lvk.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2);), ,[2a1d5154cbb05dd933546385fe06a858]

Physical Sectors: 0
(No malicious items detected)


(end)
         

29.07.2014, 14:51   #2
Bootsektor
Rest in peace
† 2019
 





My name is Sandra and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Post the log files directly in your thread in code tags.
  • Keep in mind that all of us here do this in our free time; if you don't hear from me within 2 days, please send me a PM.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, in the case of a malware infection, always the safest way. Adware can be removed without problems in the vast majority of cases.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you don't, it makes the analysis much harder for me. Thanks.
To do so:
  • Click the hash sign # above the reply box; CODE /CODE then appears there in square brackets [].
  • Insert your log files between the two code blocks. That is: CODE logfile /CODE
  • If the logs are too long, please split them up and post them here in your thread, in several replies if necessary.

Step 1
Questions
What exactly does it mean that the computer is acting up?

Step 2
Move the Malwarebytes detections to quarantine

Step 3
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the web page)


29.07.2014, 14:59   #3
Andy666
 



Well, it's quite hard to explain....

The computer is extremely slow and sluggish.
Firefox takes extremely long and opens pages without being asked.

Here are the two requested files:



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Andreas (administrator) on ANDREAS-ANDREAS on 29-07-2014 15:55:53
Running from C:\Users\Andreas\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\NETFXRepair.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-658410979-1812693143-141536986-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir="
CHR DefaultSearchProvider: 		"name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Wajam) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-29] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 15:55 - 2014-07-29 15:56 - 00008799 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-07-29 15:55 - 2014-07-29 15:55 - 01084416 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2014-07-29 15:55 - 2014-07-29 15:55 - 00000000 ___DC () C:\FRST
2014-07-29 15:17 - 2014-07-29 15:48 - 00058968 _____ () C:\Windows\PFRO.log
2014-07-29 15:17 - 2014-07-29 15:48 - 00011838 _____ () C:\Windows\setupact.log
2014-07-29 15:17 - 2014-07-29 15:17 - 00296048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-29 15:17 - 2014-07-29 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 15:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-29 15:14 - 2014-07-29 15:47 - 00000000 ___DC () C:\AdwCleaner
2014-07-29 15:09 - 2014-07-29 15:09 - 01365551 _____ () C:\Users\Andreas\Desktop\adwcleaner_3.301.exe
2014-07-29 15:06 - 2014-07-29 15:06 - 00095315 ____C () C:\scan 1 andreas.txt
2014-07-29 14:56 - 2014-07-29 14:56 - 00001103 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-29 14:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-29 14:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-29 14:54 - 2014-07-29 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 14:46 - 2014-07-29 14:46 - 00064848 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-29 13:47 - 2014-07-29 13:47 - 00003296 ____N () C:\bootsqm.dat
2014-07-29 11:52 - 2014-07-29 15:53 - 00282072 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 11:52 - 2014-07-29 15:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 11:52 - 2014-07-29 14:57 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 11:00 - 2014-07-29 11:00 - 00000016 _____ () C:\Users\Andreas\AppData\Roaming\mbam.context.scan
2014-07-29 10:25 - 2014-07-29 10:25 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Microsoft Corporation
2014-07-29 10:18 - 2014-07-29 15:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 21:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-29 15:56 - 2014-07-29 15:55 - 00008799 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-07-29 15:55 - 2014-07-29 15:55 - 01084416 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2014-07-29 15:55 - 2014-07-29 15:55 - 00000000 ___DC () C:\FRST
2014-07-29 15:53 - 2014-07-29 11:52 - 00282072 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 15:52 - 2010-11-20 23:01 - 01472006 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 15:48 - 2014-07-29 15:17 - 00058968 _____ () C:\Windows\PFRO.log
2014-07-29 15:48 - 2014-07-29 15:17 - 00011838 _____ () C:\Windows\setupact.log
2014-07-29 15:48 - 2014-07-29 11:52 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 15:48 - 2014-02-28 18:37 - 00000978 _____ () C:\Windows\Tasks\Installer for avg_safeguard.job
2014-07-29 15:48 - 2014-02-28 18:37 - 00000264 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-07-29 15:48 - 2014-02-28 16:42 - 00000286 _____ () C:\Windows\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517}.job
2014-07-29 15:48 - 2013-02-07 16:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 15:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 15:47 - 2014-07-29 15:14 - 00000000 ___DC () C:\AdwCleaner
2014-07-29 15:28 - 2014-07-29 10:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-29 15:26 - 2009-07-14 06:34 - 00025904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 15:26 - 2009-07-14 06:34 - 00025904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 15:22 - 2014-02-28 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-29 15:17 - 2014-07-29 15:17 - 00296048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-29 15:17 - 2014-07-29 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 15:17 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-07-29 15:15 - 2014-02-17 18:24 - 00000000 ____D () C:\Users\Andreas
2014-07-29 15:09 - 2014-07-29 15:09 - 01365551 _____ () C:\Users\Andreas\Desktop\adwcleaner_3.301.exe
2014-07-29 15:06 - 2014-07-29 15:06 - 00095315 ____C () C:\scan 1 andreas.txt
2014-07-29 15:00 - 2014-02-28 18:37 - 00000270 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-07-29 14:57 - 2014-07-29 11:52 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 14:56 - 2014-07-29 14:56 - 00001103 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-02-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 14:54 - 2014-07-29 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 14:50 - 2014-02-22 16:20 - 00000000 ____D () C:\Windows\pss
2014-07-29 14:46 - 2014-07-29 14:46 - 00064848 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-29 14:35 - 2014-02-28 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
2014-07-29 14:20 - 2014-03-15 11:40 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DesktopIconGoodgame
2014-07-29 14:20 - 2014-02-19 10:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-29 14:20 - 2014-02-17 18:24 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-29 14:20 - 2014-02-15 12:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 14:20 - 2013-02-04 12:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:20 - 2010-11-21 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\IME
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-29 14:19 - 2013-02-04 14:31 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-29 14:19 - 2010-11-21 02:47 - 00000000 ____D () C:\Windows\ShellNew
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\winrm
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\WCN
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\slmgr
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-07-29 14:19 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-07-29 14:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-29 14:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com
2014-07-29 14:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-07-29 13:47 - 2014-07-29 13:47 - 00003296 ____N () C:\bootsqm.dat
2014-07-29 11:53 - 2013-05-07 13:00 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-29 11:53 - 2013-02-08 18:24 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-29 11:53 - 2013-02-08 18:24 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-29 11:48 - 2014-03-15 11:40 - 00000318 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-07-29 11:34 - 2014-02-22 16:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-29 11:34 - 2014-02-22 16:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-29 11:00 - 2014-07-29 11:00 - 00000016 _____ () C:\Users\Andreas\AppData\Roaming\mbam.context.scan
2014-07-29 10:58 - 2013-08-19 08:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-29 10:25 - 2014-07-29 10:25 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Microsoft Corporation
2014-07-23 10:52 - 2013-02-04 11:52 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-03-15 16:17

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by Andreas at 2014-07-29 15:56:54
Running from C:\Users\Andreas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Digimax Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.5 - Samsung)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-03-2014 12:30:04 Microsoft .NET Framework 4.5.1 wird entfernt
06-03-2014 18:51:55 Windows Update
13-03-2014 05:39:46 Windows Update
13-03-2014 05:44:48 Windows Update
15-03-2014 14:24:45 Sprachpaketdeinstallation
29-07-2014 08:06:56 Windows Update
29-07-2014 08:21:53 Windows 7 Upgrade Advisor wird installiert
29-07-2014 08:50:29 Windows Update
29-07-2014 10:00:14 Windows 7 Upgrade Advisor wird entfernt
29-07-2014 12:06:46 Wiederherstellungsvorgang
29-07-2014 12:27:31 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05575408-8F7F-4649-B2EC-0F96B67F0F88} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {143ECA48-B93B-46B3-AB64-808C02E72830} - System32\Tasks\{B33E041C-712D-45AC-A5A5-2CFD006071E4} => Firefox.exe 
Task: {14C5DBDF-BDF3-4FF8-A244-A35F6004AF84} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe
Task: {1D56870D-5FF0-4FCF-8BD9-C46D466F1EC3} - System32\Tasks\{DECC6BB3-679E-4837-AAEA-D56C990B22B7} => Firefox.exe 
Task: {234EB2CF-8609-44CB-A85C-77381CF6E710} - System32\Tasks\{3D94478A-9D1F-49E0-82E5-5A6A45310589} => Firefox.exe 
Task: {2A726288-E30F-49CD-AC66-1B4B1194772B} - System32\Tasks\Digital Sites => C:\Users\Andreas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3199C58E-282D-4846-A5D3-E19FA49908DE} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {3679E954-61EF-4E40-BCF5-DFEA3E5423FE} - System32\Tasks\{D7681A96-84C4-476F-B321-E87E3FA40410} => Firefox.exe 
Task: {3FE47803-A2DA-4722-B113-D8EA1D87BDED} - System32\Tasks\{AA5F401C-DF34-476A-9ED0-E5DAAFED1CCC} => C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\setup.exe [2005-08-23] (Macrovision Corporation)
Task: {46A8C904-EC5E-419A-B95F-818BDF39E1F2} - \View Password Update No Task File <==== ATTENTION
Task: {4DC22769-B239-4C1C-B6EA-9D9D1FCC7285} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4EB8D646-B6DE-4524-9654-E156A9DE25C0} - System32\Tasks\{40732FFF-3A76-4BA4-B80F-A3C0E990209B} => C:\Users\Andreas\crashreporter.exe
Task: {5C00D94A-CAE7-4CF1-A700-EEBFB87D0C12} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe
Task: {65E46572-2F23-4CE7-BA06-9AB1C2689D00} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {679BCD39-A78B-4F92-B418-01E4D378F77D} - System32\Tasks\Installer for avg_safeguard => C:\Program Files\Uniblue\SpeedUpMyPC\thirdpartyinstaller.exe
Task: {77A001D0-0192-4FFC-87FF-8813DA5A1EE3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {78E57191-1B70-4379-9ABA-3491E18D8268} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29] (Adobe Systems Incorporated)
Task: {90BD9508-3D21-4F66-9987-1FCC97252EB7} - System32\Tasks\{6F698AB3-5F15-4865-B367-8CDEB446D1BC} => Firefox.exe 
Task: {9B842790-424B-4D69-885B-38FEF9CFC35A} - System32\Tasks\{2688964A-B113-40E3-96CB-3EC0E91BD2FC} => Firefox.exe 
Task: {9D4BDD2A-2160-47AD-8B70-8521161BD734} - System32\Tasks\{4C60DEB6-40B2-4855-86CD-1D4702EE82C3} => C:\Users\Andreas\Downloads\startxxl_setup.exe
Task: {A0BBECB0-9089-42DF-BC11-2D6343FF11FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {AC262EA6-1E9B-476C-B918-2D4C7FE61470} - System32\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517} => C:\Program Files\V-bates\PrefHelper.exe
Task: {C88E0B45-3DC9-4EA4-A8B1-E0E1F25DDE58} - System32\Tasks\{888B3477-561B-4B9B-BE25-46013AA47EE1} => Firefox.exe 
Task: {C8F60146-0C92-4653-9EA4-75A214D0B168} - \View Password_wd No Task File <==== ATTENTION
Task: {D1107516-D0BD-4A30-982D-BC7C68C54B89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {D2637B84-D7B2-4535-BAB5-123C818AE692} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {D5688526-17B2-4892-BCB2-57190DD35E66} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe
Task: {D6E7BF6A-DCA1-48F8-973E-014DAAE262EF} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {EC9331D7-2637-4245-A5A0-537CE9381109} - System32\Tasks\{891F5779-62A4-4F95-AF6A-02B125AAC031} => C:\Program Files\Samsung\Digimax Master\DigimaxMaster.exe [2005-08-19] (STOIK Imaging (www.stoik.com))
Task: {F0DB23A9-ACC2-4186-A8C1-60720BB8E58E} - System32\Tasks\Hoolapp For Android => C:\Users\Andreas\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F1CD482E-CAD6-46B9-B2B9-0AF16EF10189} - System32\Tasks\{7D63FF04-9F15-426A-B2C9-E0BBB9B6F6FB} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [2014-07-29] (Avira Operations GmbH & Co. KG)
Task: {F589F41D-08D5-4D72-870C-96A15133C4EE} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {F80DA596-E3D0-4CFD-B649-571B4F6E2508} - System32\Tasks\Hoolapp Init => C:\Users\Andreas\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Installer for avg_safeguard.job => C:\Users\Andreas\AppData\Local\Temp\Uniblue\Offers\AVG_Safeguard.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (whitelisted) =============

2014-02-15 12:28 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-29 11:34 - 2014-07-29 11:34 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\ProgramData\TEMP:D346F792

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2014 03:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 7.5.760.0, Zeitstempel: 0x5267756b
Name des fehlerhaften Moduls: NVCPL.DLL, Version: 8.17.13.3165, Zeitstempel: 0x52676e9a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001d2dd3
ID des fehlerhaften Prozesses: 0xb8c
Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0
Pfad der fehlerhaften Anwendung: nvcplui.exe1
Pfad des fehlerhaften Moduls: nvcplui.exe2
Berichtskennung: nvcplui.exe3

Error: (07/29/2014 03:49:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0x8b0
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:45:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0x914
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0xde0
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:18:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/29/2014 03:53:08 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:53:02 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:45:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:45:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:26:12 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:24:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:19:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:19:09 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 03:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Registry Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/29/2014 03:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (07/29/2014 03:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvcplui.exe7.5.760.05267756bNVCPL.DLL8.17.13.316552676e9ac0000005001d2dd3b8c01cfab34474bab5aC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL8867faee-1727-11e4-b555-0024210d4b24

Error: (07/29/2014 03:49:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095a8b001cfab33cd334aaaC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll15081730-1727-11e4-b555-0024210d4b24

Error: (07/29/2014 03:45:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095a91401cfab332c802a74C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll7600c6ef-1726-11e4-8a45-0024210d4b24

Error: (07/29/2014 03:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095ade001cfab2fc1268b18C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll01f2af99-1723-11e4-84fe-0024210d4b24

Error: (07/29/2014 03:18:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3327.3 MB
Available physical RAM: 2080.07 MB
Total Pagefile: 6652.9 MB
Available Pagefile: 5248.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:112.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 19611960)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
29.07.2014, 15:17   #4
Bootsektor
Rest in peace
† 2019
 
Hello,

Did you quarantine the items Malwarebytes found?
Are the problems still present to the same extent? Even after these steps?

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Task: {2A726288-E30F-49CD-AC66-1B4B1194772B} - System32\Tasks\Digital Sites => C:\Users\Andreas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {46A8C904-EC5E-419A-B95F-818BDF39E1F2} - \View Password Update No Task File <==== ATTENTION
Task: {65E46572-2F23-4CE7-BA06-9AB1C2689D00} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {679BCD39-A78B-4F92-B418-01E4D378F77D} - System32\Tasks\Installer for avg_safeguard => C:\Program Files\Uniblue\SpeedUpMyPC
Task: {C8F60146-0C92-4653-9EA4-75A214D0B168} - \View Password_wd No Task File <==== ATTENTION
Task: {D6E7BF6A-DCA1-48F8-973E-014DAAE262EF} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {F0DB23A9-ACC2-4186-A8C1-60720BB8E58E} - System32\Tasks\Hoolapp For Android => C:\Users\Andreas\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F80DA596-E3D0-4CFD-B649-571B4F6E2508} - System32\Tasks\Hoolapp Init => C:\Users\Andreas\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Andreas\AppData\Roaming\DIGITA~1
C:\Users\Andreas\AppData\Roaming\HOOLAPP
C:\Program Files\AnyProtectEx
C:\Program Files\Uniblue\SpeedUpMyPC
C:\Program Files\V-bates
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
  • In your Chrome browser, go to Settings (this is the icon to the right of the address bar in the browser that consists of three horizontal lines)
  • Click Settings there
  • Go to the item "On startup"
  • Go to "Open a specific page or set of pages"
  • Remove mysearchdial here (if present), delete it, and set a different start page (normally google.com is entered here)

Step 3
  • In your Chrome browser, go to Settings (this is the icon to the right of the address bar in the browser that consists of three horizontal lines)
  • Click Settings there
  • Go to the item Search -> Manage search engines
  • Delete mysearchdial there
  • Click Done

Step 4
Because the scan with ESET is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 5
Start FRST once more.
  • Tick the box for addition.txt and click Scan.
  • When the scan is finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop (or in the directory where FRST is located).
  • Please post the contents of these log files here in your thread.

29.07.2014, 17:17   #5
Andy666
 
Step 1:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by Andreas at 2014-07-29 17:28:38 Run:1
Running from C:\Users\Andreas\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {2A726288-E30F-49CD-AC66-1B4B1194772B} - System32\Tasks\Digital Sites => C:\Users\Andreas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {46A8C904-EC5E-419A-B95F-818BDF39E1F2} - \View Password Update No Task File <==== ATTENTION
Task: {65E46572-2F23-4CE7-BA06-9AB1C2689D00} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {679BCD39-A78B-4F92-B418-01E4D378F77D} - System32\Tasks\Installer for avg_safeguard => C:\Program Files\Uniblue\SpeedUpMyPC
Task: {C8F60146-0C92-4653-9EA4-75A214D0B168} - \View Password_wd No Task File <==== ATTENTION
Task: {D6E7BF6A-DCA1-48F8-973E-014DAAE262EF} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {F0DB23A9-ACC2-4186-A8C1-60720BB8E58E} - System32\Tasks\Hoolapp For Android => C:\Users\Andreas\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F80DA596-E3D0-4CFD-B649-571B4F6E2508} - System32\Tasks\Hoolapp Init => C:\Users\Andreas\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Andreas\AppData\Roaming\DIGITA~1
C:\Users\Andreas\AppData\Roaming\HOOLAPP
C:\Program Files\AnyProtectEx
C:\Program Files\Uniblue\SpeedUpMyPC
C:\Program Files\V-bates
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A726288-E30F-49CD-AC66-1B4B1194772B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A726288-E30F-49CD-AC66-1B4B1194772B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46A8C904-EC5E-419A-B95F-818BDF39E1F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46A8C904-EC5E-419A-B95F-818BDF39E1F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\View Password Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65E46572-2F23-4CE7-BA06-9AB1C2689D00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65E46572-2F23-4CE7-BA06-9AB1C2689D00}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierCA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierCA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{679BCD39-A78B-4F92-B418-01E4D378F77D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679BCD39-A78B-4F92-B418-01E4D378F77D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer for avg_safeguard => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer for avg_safeguard" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8F60146-0C92-4653-9EA4-75A214D0B168}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F60146-0C92-4653-9EA4-75A214D0B168}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\View Password_wd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6E7BF6A-DCA1-48F8-973E-014DAAE262EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E7BF6A-DCA1-48F8-973E-014DAAE262EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0DB23A9-ACC2-4186-A8C1-60720BB8E58E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0DB23A9-ACC2-4186-A8C1-60720BB8E58E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Hoolapp For Android => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp For Android" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F80DA596-E3D0-4CFD-B649-571B4F6E2508}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F80DA596-E3D0-4CFD-B649-571B4F6E2508}" => Key deleted successfully.
C:\Windows\System32\Tasks\Hoolapp Init => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp Init" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierCA.job => Moved successfully.
C:\Windows\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517}.job => Moved successfully.
C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => Moved successfully.
C:\Windows\Tasks\SpeedUpMyPC Startup.job => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Users\Andreas\AppData\Roaming\DIGITA~1" => File/Directory not found.
"C:\Users\Andreas\AppData\Roaming\HOOLAPP" => File/Directory not found.
"C:\Program Files\AnyProtectEx" => File/Directory not found.
"C:\Program Files\Uniblue\SpeedUpMyPC" => File/Directory not found.
"C:\Program Files\V-bates" => File/Directory not found.
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully.
C:\ProgramData\TEMP => ":D346F792" ADS removed successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Steps 2 & 3: I use Firefox and not Chrome ;-)

And yes, after the Malwarebytes run it has already gotten somewhat better.

ESET log:


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=38313638e11d114095975148ce5db719
# engine=19403
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-29 04:10:37
# local_time=2014-07-29 06:10:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 13804 272073527 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3792 158281428 0 0
# scanned=120291
# found=64
# cleaned=55
# scan_time=1594
sh=D9DF0722882055C5C11AFD602D505B2E7EA9AFC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\184_noproblemppc_m.js"
sh=9E450F6FAC72A5A25FD4EDECE0CF5D3885230235 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\190_pops_5_m.js"
sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\191_ciuvo_m.js"
sh=DE138BFD2293B4197712198C41377CE6A89E6200 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js"
sh=E0F8250FB3FFBCB394862C11971C43A7B3B6BD17 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js"
sh=51B69240412C38D55D476580B9FF4C60AF5E6520 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\91_monetizationLoader.js.js"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=29FA80AA89AE9A0D31AAB4DDA01DB4D5249714E2 ft=1 fh=e40de78b88129b3b vn="Win32/Toolbar.Babylon.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\Documents\Downloads\ReimageRepairNU(1).exe"
sh=29FA80AA89AE9A0D31AAB4DDA01DB4D5249714E2 ft=1 fh=e40de78b88129b3b vn="Win32/Toolbar.Babylon.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\Documents\Downloads\ReimageRepairNU.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102_dealply_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\103_intext_5_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\155_ibario_pops_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190_pops_5_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191_ciuvo_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\195_icm_convertmedia_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=37FF9AF0A4A175AFF14252C3FFA6CCC03A24ACBD ft=1 fh=ff3435be19cccc9e vn="Variante von Win32/SpeedingUpMyPC.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-658410979-1812693143-141536986-1000\$R70YWBB\PCSpeedMaximizer.exe"
sh=ED127CEE7B51FD3595F1B96EEE927BD0048E25DE ft=1 fh=c71c0011d84a3b1d vn="Win32/VOPackage.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=914D15706173AB7645578A8C349AE76C5D0B5FAC ft=1 fh=b50502970a70b1af vn="Variante von Win32/DealPly.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Roaming\HoolappforAndroid\UpdateProc\UpdateTask.exe.vir"
sh=D6A5DC7A4B717224CC176094F60D61086E4733DC ft=1 fh=b7e2079953f7b9d4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D493FF871C74B06FB61AE00D09ADDC28B5422F80 ft=1 fh=a6346613b831fe49 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=4C5B9BDB2083C372DFF084BAEFE4A34E773C3335 ft=1 fh=65740079bac0d1d2 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=8C20259C7435390185EA2E2CA9E0B8F06ADE36AB ft=1 fh=62fc332d4a4d02fc vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=12B7DD7ED27BA706CC32A3EA2BDD2E4E16A22E11 ft=1 fh=9bbbc70f0dbb4fe4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=BEAF3026FE73CCDF7E3981D93E5207A0E5057BD2 ft=1 fh=44ac08ee4120e3f7 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=7DC19763FCFB8BE9846DD4405485A92AA3E50163 ft=1 fh=f4eca9bc8299d3bc vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=D6A5DC7A4B717224CC176094F60D61086E4733DC ft=1 fh=b7e2079953f7b9d4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\Main\bin\CltMngSvc.exe"
sh=0235B5E13704F2A1B3BC3D137D79ADDA89FE1B86 ft=1 fh=361f43e80eb2f2cf vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\Main\bin\SPTool.dll"
sh=BB3752D2131C964718E918AEB456F2A20F9C3D56 ft=1 fh=a8d087ddbacdd236 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\Main\bin\uninstall.exe"
sh=D493FF871C74B06FB61AE00D09ADDC28B5422F80 ft=1 fh=a6346613b831fe49 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=4C5B9BDB2083C372DFF084BAEFE4A34E773C3335 ft=1 fh=65740079bac0d1d2 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=8C20259C7435390185EA2E2CA9E0B8F06ADE36AB ft=1 fh=62fc332d4a4d02fc vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=12B7DD7ED27BA706CC32A3EA2BDD2E4E16A22E11 ft=1 fh=9bbbc70f0dbb4fe4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=BEAF3026FE73CCDF7E3981D93E5207A0E5057BD2 ft=1 fh=44ac08ee4120e3f7 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
sh=7DC19763FCFB8BE9846DD4405485A92AA3E50163 ft=1 fh=f4eca9bc8299d3bc vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\SearchProtect\UI\bin\cltmngui.exe"
sh=77A9F493AE007BCC735C3B4E97B7D59D577CA314 ft=1 fh=74f22bd25b68e7d6 vn="Win32/Wajam.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\Wajam\IE\priam_bho.dll"
sh=B0C4AA365CEFDEE85126CC99CC5F82EA1ABFD664 ft=1 fh=495f2201d59c5c4d vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files\Wajam\Updater\update.exe"
sh=022E90DB179A5F276A8F1BEECD17EA2A28C399B4 ft=1 fh=8ceacbb55952b415 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Local\Temp\SPSetup.exe"
sh=0789E6B89190E82F71143B5DBBC82911124BD264 ft=1 fh=18859c319bd5cf50 vn="Win32/TrojanDownloader.Adload.NMV Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Local\Temp\b3316e3e-ad9a-4afc-b392-627a8f0fe6a1\setup.exe"
sh=9A701BC5ABC4B544A9225B75AC9E2FC32B1BD270 ft=1 fh=a3bb290ef52e8ea4 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Local\Temp\is-LV5A8.tmp\SpeedUpMyPC-standalone-setup.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Local\Temp\LILE802.tmp\sp-downloader.exe"
sh=D1937AEB8ADBC5C7EB69C1AEFEEA4DEC6A1A90B5 ft=1 fh=e6c02fe7d3021daa vn="Win32/Wajam.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Local\Temp\LILE822.tmp\wajam_download.exe"
sh=3DF8834DC58EA3C422FE69723F9EEDE102573DE2 ft=1 fh=ba1110ad7877fba8 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\AppData\Local\Temp\nscF331\SpSetup.exe"
sh=040365167140B734CD9182B293D95CF08F1172BD ft=1 fh=11cd9798218bacb7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\Downloads\Firefox - CHIP-Downloader (2).exe"
sh=040365167140B734CD9182B293D95CF08F1172BD ft=1 fh=11cd9798218bacb7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\Downloads\Firefox - CHIP-Downloader.exe"
sh=0D499A87703A4CE2523237B8CE87B4ECCCE989F6 ft=1 fh=505f1889c8c6a53a vn="Variante von Win32/Bundlore.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\Downloads\setup.exe"
sh=44DCDF5C1A7DAEA6F0E0427783013330FBDB412D ft=1 fh=0abd448507b7a1c6 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Andreas\Downloads\speedupmypc_1432249_.exe"
sh=AD267E2E8139715472CE09E8B04655C7F2936120 ft=1 fh=aedbad045736b4f7 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Temp\nse5DF0.tmp\SPtool.dll"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\102_dealply_m.js"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\103_intext_5_m.js"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\155_ibario_pops_m.js"
sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\191_ciuvo_m.js"
sh=7CD82C8AAFF59D7A1E7625012490985C70AD0157 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\223_imonomy_m.js"
sh=DE138BFD2293B4197712198C41377CE6A89E6200 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js"
sh=51B69240412C38D55D476580B9FF4C60AF5E6520 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\91_monetizationLoader.js.js"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjbopemebdnolilndkpjfmhakccapkh\1.26.15_0\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\102_dealply_m.js"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\103_intext_5_m.js"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\104_jollywallet_m.js"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\extensionData\plugins\155_ibario_pops_m.js"
         
Addition :

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by Andreas at 2014-07-29 18:14:03
Running from C:\Users\Andreas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Digimax Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.5 - Samsung)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-03-2014 12:30:04 Microsoft .NET Framework 4.5.1 wird entfernt
06-03-2014 18:51:55 Windows Update
13-03-2014 05:39:46 Windows Update
13-03-2014 05:44:48 Windows Update
15-03-2014 14:24:45 Sprachpaketdeinstallation
29-07-2014 08:06:56 Windows Update
29-07-2014 08:21:53 Windows 7 Upgrade Advisor wird installiert
29-07-2014 08:50:29 Windows Update
29-07-2014 10:00:14 Windows 7 Upgrade Advisor wird entfernt
29-07-2014 12:06:46 Wiederherstellungsvorgang
29-07-2014 12:27:31 AA11
29-07-2014 15:02:43 Sprachpaketdeinstallation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05575408-8F7F-4649-B2EC-0F96B67F0F88} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {143ECA48-B93B-46B3-AB64-808C02E72830} - System32\Tasks\{B33E041C-712D-45AC-A5A5-2CFD006071E4} => Firefox.exe 
Task: {14C5DBDF-BDF3-4FF8-A244-A35F6004AF84} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe
Task: {1D56870D-5FF0-4FCF-8BD9-C46D466F1EC3} - System32\Tasks\{DECC6BB3-679E-4837-AAEA-D56C990B22B7} => Firefox.exe 
Task: {234EB2CF-8609-44CB-A85C-77381CF6E710} - System32\Tasks\{3D94478A-9D1F-49E0-82E5-5A6A45310589} => Firefox.exe 
Task: {3199C58E-282D-4846-A5D3-E19FA49908DE} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {3679E954-61EF-4E40-BCF5-DFEA3E5423FE} - System32\Tasks\{D7681A96-84C4-476F-B321-E87E3FA40410} => Firefox.exe 
Task: {3FE47803-A2DA-4722-B113-D8EA1D87BDED} - System32\Tasks\{AA5F401C-DF34-476A-9ED0-E5DAAFED1CCC} => C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\setup.exe [2005-08-23] (Macrovision Corporation)
Task: {4DC22769-B239-4C1C-B6EA-9D9D1FCC7285} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4EB8D646-B6DE-4524-9654-E156A9DE25C0} - System32\Tasks\{40732FFF-3A76-4BA4-B80F-A3C0E990209B} => C:\Users\Andreas\crashreporter.exe
Task: {5C00D94A-CAE7-4CF1-A700-EEBFB87D0C12} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe
Task: {77A001D0-0192-4FFC-87FF-8813DA5A1EE3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {78E57191-1B70-4379-9ABA-3491E18D8268} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29] (Adobe Systems Incorporated)
Task: {90BD9508-3D21-4F66-9987-1FCC97252EB7} - System32\Tasks\{6F698AB3-5F15-4865-B367-8CDEB446D1BC} => Firefox.exe 
Task: {9B842790-424B-4D69-885B-38FEF9CFC35A} - System32\Tasks\{2688964A-B113-40E3-96CB-3EC0E91BD2FC} => Firefox.exe 
Task: {9D4BDD2A-2160-47AD-8B70-8521161BD734} - System32\Tasks\{4C60DEB6-40B2-4855-86CD-1D4702EE82C3} => C:\Users\Andreas\Downloads\startxxl_setup.exe
Task: {A0BBECB0-9089-42DF-BC11-2D6343FF11FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {AC262EA6-1E9B-476C-B918-2D4C7FE61470} - System32\Tasks\FF Watcher {3883C2A8-C5E8-4C37-AF7F-C70E95D6B517} => C:\Program Files\V-bates\PrefHelper.exe
Task: {C88E0B45-3DC9-4EA4-A8B1-E0E1F25DDE58} - System32\Tasks\{888B3477-561B-4B9B-BE25-46013AA47EE1} => Firefox.exe 
Task: {D1107516-D0BD-4A30-982D-BC7C68C54B89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {D2637B84-D7B2-4535-BAB5-123C818AE692} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {D5688526-17B2-4892-BCB2-57190DD35E66} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe
Task: {EC9331D7-2637-4245-A5A0-537CE9381109} - System32\Tasks\{891F5779-62A4-4F95-AF6A-02B125AAC031} => C:\Program Files\Samsung\Digimax Master\DigimaxMaster.exe [2005-08-19] (STOIK Imaging (www.stoik.com))
Task: {F1CD482E-CAD6-46B9-B2B9-0AF16EF10189} - System32\Tasks\{7D63FF04-9F15-426A-B2C9-E0BBB9B6F6FB} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [2014-07-29] (Avira Operations GmbH & Co. KG)
Task: {F589F41D-08D5-4D72-870C-96A15133C4EE} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Installer for avg_safeguard.job => C:\Users\Andreas\AppData\Local\Temp\Uniblue\Offers\AVG_Safeguard.exe
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (whitelisted) =============

2014-02-15 12:28 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-29 11:34 - 2014-07-29 11:34 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2014 05:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 05:36:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0x8e0
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 7.5.760.0, Zeitstempel: 0x5267756b
Name des fehlerhaften Moduls: NVCPL.DLL, Version: 8.17.13.3165, Zeitstempel: 0x52676e9a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001d2dd3
ID des fehlerhaften Prozesses: 0xb8c
Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0
Pfad der fehlerhaften Anwendung: nvcplui.exe1
Pfad des fehlerhaften Moduls: nvcplui.exe2
Berichtskennung: nvcplui.exe3

Error: (07/29/2014 03:49:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0x8b0
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:45:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0x914
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.16521, Zeitstempel: 0x5311622b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0031095a
ID des fehlerhaften Prozesses: 0xde0
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (07/29/2014 03:18:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/29/2014 06:11:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 06:09:46 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:23 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:10 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:08 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:07 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:03 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:56:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/29/2014 05:55:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/29/2014 05:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 05:36:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095a8e001cfab42d1cd6988C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll19ae9441-1736-11e4-a2b8-0024210d4b24

Error: (07/29/2014 03:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvcplui.exe7.5.760.05267756bNVCPL.DLL8.17.13.316552676e9ac0000005001d2dd3b8c01cfab34474bab5aC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL8867faee-1727-11e4-b555-0024210d4b24

Error: (07/29/2014 03:49:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095a8b001cfab33cd334aaaC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll15081730-1727-11e4-b555-0024210d4b24

Error: (07/29/2014 03:45:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095a91401cfab332c802a74C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll7600c6ef-1726-11e4-8a45-0024210d4b24

Error: (07/29/2014 03:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce79791mshtml.dll11.0.9600.165215311622bc00000050031095ade001cfab2fc1268b18C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll01f2af99-1723-11e4-84fe-0024210d4b24

Error: (07/29/2014 03:18:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3327.3 MB
Available physical RAM: 2150.58 MB
Total Pagefile: 6652.9 MB
Available Pagefile: 5443.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:107.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 19611960)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Andreas (administrator) on ANDREAS-ANDREAS on 29-07-2014 18:13:17
Running from C:\Users\Andreas\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-658410979-1812693143-141536986-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8fzjfara.default-1393608120458
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=cmi0301ff&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtD0DyE0BtByEtDzy0B0EtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1654670423&ir="
CHR DefaultSearchProvider: 		"name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Wajam) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-29] (Avira Operations GmbH & Co. KG)
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 17:42 - 2014-07-29 17:42 - 02347384 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_deu.exe
2014-07-29 17:42 - 2014-07-29 17:42 - 00000000 ____D () C:\Program Files\ESET
2014-07-29 17:34 - 2014-07-29 17:34 - 00003296 ____N () C:\bootsqm.dat
2014-07-29 17:26 - 2014-07-29 17:26 - 00013297 _____ () C:\Users\Andreas\Desktop\FRST - Verknüpfung.lnk
2014-07-29 16:19 - 2014-07-29 16:19 - 00001976 _____ () C:\Users\Andreas\Desktop\Fixlist.txt
2014-07-29 15:56 - 2014-07-29 15:57 - 00019557 _____ () C:\Users\Andreas\Downloads\Addition.txt
2014-07-29 15:55 - 2014-07-29 18:13 - 00008703 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-07-29 15:55 - 2014-07-29 18:13 - 00000000 ___DC () C:\FRST
2014-07-29 15:55 - 2014-07-29 15:55 - 01084416 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2014-07-29 15:17 - 2014-07-29 17:36 - 00015784 _____ () C:\Windows\setupact.log
2014-07-29 15:17 - 2014-07-29 15:48 - 00058968 _____ () C:\Windows\PFRO.log
2014-07-29 15:17 - 2014-07-29 15:17 - 00296048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-29 15:17 - 2014-07-29 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 15:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-29 15:14 - 2014-07-29 15:47 - 00000000 ___DC () C:\AdwCleaner
2014-07-29 15:09 - 2014-07-29 15:09 - 01365551 _____ () C:\Users\Andreas\Desktop\adwcleaner_3.301.exe
2014-07-29 15:06 - 2014-07-29 15:06 - 00095315 ____C () C:\scan 1 andreas.txt
2014-07-29 14:56 - 2014-07-29 14:56 - 00001103 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-29 14:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-29 14:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-29 14:54 - 2014-07-29 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 14:46 - 2014-07-29 14:46 - 00064848 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-29 11:52 - 2014-07-29 17:57 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 11:52 - 2014-07-29 17:40 - 00288578 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 11:52 - 2014-07-29 17:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 11:00 - 2014-07-29 11:00 - 00000016 _____ () C:\Users\Andreas\AppData\Roaming\mbam.context.scan
2014-07-29 10:25 - 2014-07-29 10:25 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Microsoft Corporation
2014-07-29 10:18 - 2014-07-29 15:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 21:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-29 18:13 - 2014-07-29 15:55 - 00008703 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-07-29 18:13 - 2014-07-29 15:55 - 00000000 ___DC () C:\FRST
2014-07-29 17:57 - 2014-07-29 11:52 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 17:44 - 2009-07-14 06:34 - 00025904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 17:44 - 2009-07-14 06:34 - 00025904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 17:42 - 2014-07-29 17:42 - 02347384 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_deu.exe
2014-07-29 17:42 - 2014-07-29 17:42 - 00000000 ____D () C:\Program Files\ESET
2014-07-29 17:40 - 2014-07-29 11:52 - 00288578 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 17:40 - 2010-11-20 23:01 - 01472006 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 17:36 - 2014-07-29 15:17 - 00015784 _____ () C:\Windows\setupact.log
2014-07-29 17:36 - 2014-07-29 11:52 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 17:36 - 2014-02-25 11:34 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-29 17:36 - 2013-02-07 16:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 17:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 17:34 - 2014-07-29 17:34 - 00003296 ____N () C:\bootsqm.dat
2014-07-29 17:28 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-29 17:26 - 2014-07-29 17:26 - 00013297 _____ () C:\Users\Andreas\Desktop\FRST - Verknüpfung.lnk
2014-07-29 17:22 - 2014-02-28 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-29 17:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-29 16:19 - 2014-07-29 16:19 - 00001976 _____ () C:\Users\Andreas\Desktop\Fixlist.txt
2014-07-29 15:57 - 2014-07-29 15:56 - 00019557 _____ () C:\Users\Andreas\Downloads\Addition.txt
2014-07-29 15:55 - 2014-07-29 15:55 - 01084416 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2014-07-29 15:48 - 2014-07-29 15:17 - 00058968 _____ () C:\Windows\PFRO.log
2014-07-29 15:48 - 2014-02-28 18:37 - 00000978 _____ () C:\Windows\Tasks\Installer for avg_safeguard.job
2014-07-29 15:47 - 2014-07-29 15:14 - 00000000 ___DC () C:\AdwCleaner
2014-07-29 15:28 - 2014-07-29 10:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-29 15:17 - 2014-07-29 15:17 - 00296048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-29 15:17 - 2014-07-29 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 15:17 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-07-29 15:15 - 2014-02-17 18:24 - 00000000 ____D () C:\Users\Andreas
2014-07-29 15:09 - 2014-07-29 15:09 - 01365551 _____ () C:\Users\Andreas\Desktop\adwcleaner_3.301.exe
2014-07-29 15:06 - 2014-07-29 15:06 - 00095315 ____C () C:\scan 1 andreas.txt
2014-07-29 14:56 - 2014-07-29 14:56 - 00001103 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-07-29 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-29 14:56 - 2014-02-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 14:54 - 2014-07-29 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 14:50 - 2014-02-22 16:20 - 00000000 ____D () C:\Windows\pss
2014-07-29 14:46 - 2014-07-29 14:46 - 00064848 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-29 14:35 - 2014-02-28 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
2014-07-29 14:20 - 2014-03-15 11:40 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DesktopIconGoodgame
2014-07-29 14:20 - 2014-02-19 10:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-29 14:20 - 2014-02-17 18:24 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 14:20 - 2014-02-17 18:24 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-29 14:20 - 2014-02-15 12:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 14:20 - 2013-02-04 12:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:20 - 2010-11-21 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-29 14:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\IME
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-29 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-29 14:19 - 2013-02-04 14:31 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-29 14:19 - 2010-11-21 02:47 - 00000000 ____D () C:\Windows\ShellNew
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\winrm
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\WCN
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\slmgr
2014-07-29 14:19 - 2010-11-21 02:38 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-07-29 14:19 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-07-29 14:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-29 14:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com
2014-07-29 14:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-07-29 11:53 - 2013-05-07 13:00 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-29 11:53 - 2013-02-08 18:24 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-29 11:53 - 2013-02-08 18:24 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-29 11:48 - 2014-03-15 11:40 - 00000318 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-07-29 11:34 - 2014-02-22 16:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-29 11:34 - 2014-02-22 16:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-29 11:00 - 2014-07-29 11:00 - 00000016 _____ () C:\Users\Andreas\AppData\Roaming\mbam.context.scan
2014-07-29 10:58 - 2013-08-19 08:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-29 10:25 - 2014-07-29 10:25 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Microsoft Corporation
2014-07-23 10:52 - 2013-02-04 11:52 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 16:55

==================== End Of Log ============================
         


29.07.2014, 21:58   #6
Bootsektor
Rest in peace
† 2019

Hello,

even if you don't use Chrome, there is adware in it, and it should then be removed as well.

Are unwanted pages still opening in Firefox?

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Task: {143ECA48-B93B-46B3-AB64-808C02E72830} - System32\Tasks\{B33E041C-712D-45AC-A5A5-2CFD006071E4} => Firefox.exe 
Task: {1D56870D-5FF0-4FCF-8BD9-C46D466F1EC3} - System32\Tasks\{DECC6BB3-679E-4837-AAEA-D56C990B22B7} => Firefox.exe 
Task: {234EB2CF-8609-44CB-A85C-77381CF6E710} - System32\Tasks\{3D94478A-9D1F-49E0-82E5-5A6A45310589} => Firefox.exe 
Task: {3679E954-61EF-4E40-BCF5-DFEA3E5423FE} - System32\Tasks\{D7681A96-84C4-476F-B321-E87E3FA40410} => Firefox.exe 
Task: {90BD9508-3D21-4F66-9987-1FCC97252EB7} - System32\Tasks\{6F698AB3-5F15-4865-B367-8CDEB446D1BC} => Firefox.exe 
Task: {9B842790-424B-4D69-885B-38FEF9CFC35A} - System32\Tasks\{2688964A-B113-40E3-96CB-3EC0E91BD2FC} => Firefox.exe 
Task: {C88E0B45-3DC9-4EA4-A8B1-E0E1F25DDE58} - System32\Tasks\{888B3477-561B-4B9B-BE25-46013AA47EE1} => Firefox.exe 
Task: {F589F41D-08D5-4D72-870C-96A15133C4EE} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Uniblue
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


31.07.2014, 12:58   #7
Andy666

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01
Ran by Andreas at 2014-07-31 13:58:19 Run:2
Running from C:\Users\Andreas\Downloads\FRST-OlderVersion
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {143ECA48-B93B-46B3-AB64-808C02E72830} - System32\Tasks\{B33E041C-712D-45AC-A5A5-2CFD006071E4} => Firefox.exe 
Task: {1D56870D-5FF0-4FCF-8BD9-C46D466F1EC3} - System32\Tasks\{DECC6BB3-679E-4837-AAEA-D56C990B22B7} => Firefox.exe 
Task: {234EB2CF-8609-44CB-A85C-77381CF6E710} - System32\Tasks\{3D94478A-9D1F-49E0-82E5-5A6A45310589} => Firefox.exe 
Task: {3679E954-61EF-4E40-BCF5-DFEA3E5423FE} - System32\Tasks\{D7681A96-84C4-476F-B321-E87E3FA40410} => Firefox.exe 
Task: {90BD9508-3D21-4F66-9987-1FCC97252EB7} - System32\Tasks\{6F698AB3-5F15-4865-B367-8CDEB446D1BC} => Firefox.exe 
Task: {9B842790-424B-4D69-885B-38FEF9CFC35A} - System32\Tasks\{2688964A-B113-40E3-96CB-3EC0E91BD2FC} => Firefox.exe 
Task: {C88E0B45-3DC9-4EA4-A8B1-E0E1F25DDE58} - System32\Tasks\{888B3477-561B-4B9B-BE25-46013AA47EE1} => Firefox.exe 
Task: {F589F41D-08D5-4D72-870C-96A15133C4EE} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Uniblue
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{143ECA48-B93B-46B3-AB64-808C02E72830}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143ECA48-B93B-46B3-AB64-808C02E72830}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B33E041C-712D-45AC-A5A5-2CFD006071E4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B33E041C-712D-45AC-A5A5-2CFD006071E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D56870D-5FF0-4FCF-8BD9-C46D466F1EC3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D56870D-5FF0-4FCF-8BD9-C46D466F1EC3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DECC6BB3-679E-4837-AAEA-D56C990B22B7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DECC6BB3-679E-4837-AAEA-D56C990B22B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{234EB2CF-8609-44CB-A85C-77381CF6E710}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{234EB2CF-8609-44CB-A85C-77381CF6E710}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3D94478A-9D1F-49E0-82E5-5A6A45310589} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D94478A-9D1F-49E0-82E5-5A6A45310589}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3679E954-61EF-4E40-BCF5-DFEA3E5423FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3679E954-61EF-4E40-BCF5-DFEA3E5423FE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D7681A96-84C4-476F-B321-E87E3FA40410} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7681A96-84C4-476F-B321-E87E3FA40410}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BD9508-3D21-4F66-9987-1FCC97252EB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BD9508-3D21-4F66-9987-1FCC97252EB7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6F698AB3-5F15-4865-B367-8CDEB446D1BC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F698AB3-5F15-4865-B367-8CDEB446D1BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B842790-424B-4D69-885B-38FEF9CFC35A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B842790-424B-4D69-885B-38FEF9CFC35A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2688964A-B113-40E3-96CB-3EC0E91BD2FC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2688964A-B113-40E3-96CB-3EC0E91BD2FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C88E0B45-3DC9-4EA4-A8B1-E0E1F25DDE58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C88E0B45-3DC9-4EA4-A8B1-E0E1F25DDE58}" => Key deleted successfully.
C:\Windows\System32\Tasks\{888B3477-561B-4B9B-BE25-46013AA47EE1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{888B3477-561B-4B9B-BE25-46013AA47EE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F589F41D-08D5-4D72-870C-96A15133C4EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F589F41D-08D5-4D72-870C-96A15133C4EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedUpMyPC Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup" => Key deleted successfully.
"C:\Program Files\Uniblue" => File/Directory not found.

==== End of Fixlog ====
         

01.08.2014, 21:06   #8
Bootsektor
Rest in peace
† 2019

Hello,

do you still have problems with Firefox now?
