Pests of all kinds and how to combat them: Firefox opens ad windows, double underlining and colored highlighting

Windows 7

09.12.2014, 18:43   #1
Oliver-T
 
Good evening,
I have just registered and, like many others, I have the same problem: for quite some time now, ad banners have been opening unprompted and words in texts are underlined.
I use Firefox 34.0. I have Adblock Plus installed.

So as not to sit idle, I tried to fix the problem with AdwCleaner, Malware and various other programs, but unfortunately without success. I have now reached the point where I don't know what else to do, and I hope to get rid of this "crap" with your support.

Regards, Oliver-T

09.12.2014, 18:50   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

10.12.2014, 13:17   #3
Oliver-T
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Broken Cue (ATTENTION: The logged in user is not administrator) on USER-PC on 09-12-2014 20:00:08
Running from C:\Users\Broken Cue\Desktop
Loaded Profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\faktura + auftrag\2014\Pcfk32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\RunOnce: [Adobe Speed Launcher] => 1418145287
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-1388768884-318842917-2379483617-1010\Software\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-1003] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-1010] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1388768884-318842917-2379483617-501] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Broken Cue\AppData\Roaming\Mozilla\Firefox\Profiles\b2lbixkj.default-1413314260914
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Broken Cue\AppData\Roaming\Mozilla\Firefox\Profiles\b2lbixkj.default-1413314260914\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-09]
FF HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Google Search) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Gmail) - C:\Users\Broken Cue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-09] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [285208 2014-12-09] (Trend Micro Inc.)
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-06] (Corsica)
S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 20:00 - 2014-12-09 20:00 - 00012396 _____ () C:\Users\Broken Cue\Desktop\FRST.txt
2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe
2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip
2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt
2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit
2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-09 08:36 - 2014-12-09 08:36 - 00000022 _____ () C:\Windows\S.dirmngr
2014-12-08 21:25 - 2014-12-08 21:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe
2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing
2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-07 21:32 - 2014-12-07 21:33 - 02153472 _____ () C:\Users\Oliver\Downloads\adwcleaner_4.104.exe
2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete
2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe
2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech
2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe
2014-12-07 14:02 - 2014-12-07 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google
2014-12-06 19:08 - 2014-12-09 19:08 - 00001356 _____ () C:\Windows\Tasks\QAKOG.job
2014-12-06 19:07 - 2014-12-09 19:07 - 00001706 _____ () C:\Windows\Tasks\LSHLRGPF.job
2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028
2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin
2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-06 19:05 - 2014-12-06 19:04 - 00106456 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-11-23 03:00 - 2014-11-23 03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-12 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 18:19 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 18:19 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 18:19 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 18:19 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 18:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 18:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 18:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 18:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 18:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 18:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 18:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 18:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 18:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 18:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 18:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 18:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 18:16 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 18:16 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 18:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 20:00 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST
2014-12-09 19:41 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg
2014-12-09 19:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-12-09 18:18 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 17:43 - 2013-02-07 22:34 - 02034485 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 08:51 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner
2014-12-09 08:44 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 08:44 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 08:38 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-09 08:36 - 2013-02-07 22:53 - 00848894 _____ () C:\Windows\PFRO.log
2014-12-09 08:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 08:36 - 2009-07-14 05:51 - 00045249 _____ () C:\Windows\setupact.log
2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt
2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt
2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google
2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1
2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google
2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google
2014-12-07 21:35 - 2014-05-10 21:56 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-07 16:38 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-11-26 22:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP
2014-11-18 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT
2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 03:15 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 03:09 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 03:03 - 2013-03-22 00:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Broken Cue at 2014-12-09 20:00:46
Running from C:\Users\Broken Cue\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free Audio CD Burner version 2.0.27.605 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.27.605 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lexware faktura+auftrag 2014 (HKLM-x32\...\{4d54c3b8-5e73-4f9e-a810-07fc42ddb356}) (Version: 18.0.0.78 - Haufe-Lexware GmbH & Co.KG)
Lexware faktura+auftrag 2014 (x32 Version: 18.51.00.0174 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
LisNord (HKLM-x32\...\{23FD98D9-0896-4DAD-9751-CA1F4D5B2AED}) (Version: 1.2 - Norditalia Ricambi srl)
Macromedia Dreamweaver 8 (HKLM-x32\...\{44025BD7-AD10-4769-99AE-6378FD0303D6}) (Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM-x32\...\{95150000-0052-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Napster Rienf Repair (HKLM-x32\...\{7FF8A00B-5FA7-4BD4-A6B9-131CE0D1FC11}) (Version: 1.1.9 - NA)
Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer) (Version: 1.6 - Deutsche Post AG)
Versandhelfer (x32 Version: 1.6 - Deutsche Post AG) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}) (Version: 17.0.10283 - WinZip Computing, S.L. )
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{926CFE9C-5C0C-4F37-B1FF-02639EFF4EC8}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\LSHLRGPF.job => ?
Task: C:\Windows\Tasks\QAKOG.job => ?

==================== Loaded Modules (whitelisted) =============

2013-05-20 12:57 - 2011-12-06 16:58 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-20 12:57 - 2011-12-06 16:58 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1388768884-318842917-2379483617-500 - Administrator - Disabled)
Admin_OT (S-1-5-21-1388768884-318842917-2379483617-1004 - Administrator - Enabled) => C:\Users\Admin_OT
Broken Cue (S-1-5-21-1388768884-318842917-2379483617-1009 - Limited - Enabled) => C:\Users\Broken Cue
Gast (S-1-5-21-1388768884-318842917-2379483617-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1388768884-318842917-2379483617-1002 - Limited - Enabled)
NiclasPascal (S-1-5-21-1388768884-318842917-2379483617-1010 - Limited - Enabled) => C:\Users\NiclasPascal
Oliver (S-1-5-21-1388768884-318842917-2379483617-1003 - Administrator - Enabled) => C:\Users\Oliver

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 05:43:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: User-PC)
Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (12/09/2014 05:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AdobeARMservice erreicht.

Error: (12/09/2014 05:41:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/17/2014 09:24:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 256202 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (09/16/2014 08:09:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 194098 seconds with 2460 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 08:14:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/20/2014 00:48:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/20/2014 00:47:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/20/2014 00:47:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/21/2014 07:21:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 251192 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (05/10/2014 10:30:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132045 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (02/26/2014 00:27:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 868566 seconds with 16020 seconds of active time.  This session ended with a crash.

Error: (11/27/2013 10:07:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-28 17:25:33.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-28 17:25:33.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-28 17:25:33.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-28 17:25:33.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G640 @ 2.80GHz
Percentage of memory in use: 76%
Total physical RAM: 3767.47 MB
Available physical RAM: 885.82 MB
Total Pagefile: 7533.13 MB
Available Pagefile: 3964.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:400.27 GB) NTFS
Drive f: (Externe Festplatte) (Fixed) (Total:233.76 GB) (Free:2.45 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Hello,
I have posted the log files. I hope that is correct.

Regards, Oliver-T
__________________

11.12.2014, 08:25   #4
schrauber
/// the machine
/// TB Trainer
 




Our tools always need admin rights.


Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

11.12.2014, 16:44   #5
Oliver-T
 



Hello,
here is the ComboFix log file.

Code:
ComboFix 14-12-10.03 - Admin_OT 11.12.2014  17:33:14.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3767.2261 [GMT 1:00]
ausgeführt von:: c:\users\Admin_OT\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\Admin_OT\AppData\Local\Adobe\ChromeInstaller.exe
c:\users\Admin_OT\AppData\Local\Adobe\gccheck.exe
c:\users\Admin_OT\AppData\Local\Adobe\GTB.exe
c:\users\Admin_OT\AppData\Local\Adobe\gtbcheck.exe
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json
c:\users\Admin_OT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\background.html
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\content.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\lsdb.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\manifest.json
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\177.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\182.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\183.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\184.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\19.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\195.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\207.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\21.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\22.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\220.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\223.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\226.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\246.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\263.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\267.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\28.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\4.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\47.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\64.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\7.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\72.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\78.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\80.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\9.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\93.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\97.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\userCode\background.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\userCode\extension.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\actions\1.png
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon128.png
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon16.png
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon48.png
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\chrome.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\cookie.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\message.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\monitor.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\pageAction.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\pageActionBG.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\background.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\app_api.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\bg_app_api.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\consts.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\cookie_store.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\crossriderAPI.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\delegate.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\events.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\extensionDataStore.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\installer.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logFile.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logging.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\onBGDocumentLoad.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\newPopup.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\popup.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\reports.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\storageWrapper.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\updateManager.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\util.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\xhr.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\main.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\platformVersion.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\popup.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl
c:\users\NiclasPascal\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Oliver\AppData\Local\assembly\tmp
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json
c:\users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\background.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\content.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\lsdb.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\manifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\background.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\content.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\lsdb.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\manifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\background.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\content.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\lsdb.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\manifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\background.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\content.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\lsdb.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\manifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\newtab.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\background.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\content.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\lsdb.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\manifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\background.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\chromeCoreFilesIndex.txt
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\crossriderManifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\manifest.xml
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\1.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\102.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\104.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\123.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\13.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\14.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\155.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\17.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\177.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\182.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\183.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\184.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\19.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\195.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\207.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\21.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\22.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\220.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\223.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\226.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\246.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\263.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\267.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\28.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\4.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\47.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\64.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\7.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\72.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\78.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\80.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\9.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\93.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\97.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\userCode\background.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\userCode\extension.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\actions\1.png
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon128.png
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon16.png
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\icons\icon48.png
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\chrome.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\cookie.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\message.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\monitor.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\pageAction.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\api\pageActionBG.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\background.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\app_api.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\bg_app_api.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\consts.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\cookie_store.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\crossriderAPI.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\delegate.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\events.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\extensionDataStore.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\installer.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logFile.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\logging.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\onBGDocumentLoad.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\newPopup.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\popupResource\popup.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\reports.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\storageWrapper.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\updateManager.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\util.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\lib\xhr.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\main.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\js\platformVersion.js
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\manifest.json
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\popup.html
c:\users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences
c:\users\Oliver\AppData\Local\Google\Chrome\User Data\Default\preferences
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-11 bis 2014-12-11  ))))))))))))))))))))))))))))))
.
.
2014-12-11 16:39 . 2014-12-11 16:39	--------	d-----w-	c:\users\OliverT\AppData\Local\temp
2014-12-11 16:39 . 2014-12-11 16:39	--------	d-----w-	c:\users\Oliver\AppData\Local\temp
2014-12-11 15:50 . 2014-12-11 15:50	79064	----a-w-	c:\windows\system32\drivers\mifcmjj.sys
2014-12-10 21:31 . 2014-12-10 21:31	--------	d-sh--w-	c:\users\NiclasPascal\AppData\Local\EmieBrowserModeList
2014-12-10 21:30 . 2014-12-10 21:30	--------	d-----w-	c:\users\NiclasPascal\AppData\Roaming\Lexware
2014-12-10 21:30 . 2014-12-10 21:30	--------	d-----w-	c:\users\NiclasPascal\AppData\Local\Lexware
2014-12-10 21:03 . 2014-09-16 18:58	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7DC52B3-6B04-4117-95C4-F6E82DABC105}\gapaengine.dll
2014-12-10 21:01 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB457E00-DC40-46E6-9D4C-C2F7C15AEBFE}\mpengine.dll
2014-12-09 16:46 . 2014-12-09 16:46	285208	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2014-12-08 20:25 . 2014-12-08 20:25	--------	d-----w-	c:\program files (x86)\ESET
2014-12-08 19:15 . 2014-12-08 19:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-12-08 17:55 . 2014-12-08 18:41	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-08 17:50 . 2014-12-08 17:53	--------	d-----w-	c:\users\Oliver\AppData\Roaming\Nico Mak Computing
2014-12-08 16:36 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-07 21:03 . 2014-12-07 21:03	--------	d-sh--w-	c:\users\Oliver\AppData\Local\EmieBrowserModeList
2014-12-07 15:55 . 2014-12-07 15:55	--------	d-----w-	C:\SUPERDelete
2014-12-07 15:46 . 2014-12-07 15:46	--------	d-----w-	c:\users\Oliver\AppData\Local\Kromtech
2014-12-07 15:45 . 2014-12-07 15:46	--------	d-----w-	c:\programdata\Kromtech
2014-12-06 18:09 . 2014-12-06 18:09	--------	d-sh--w-	c:\users\Admin_OT\AppData\Local\EmieBrowserModeList
2014-12-06 18:07 . 2014-12-07 16:16	--------	d-----w-	c:\program files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028
2014-12-06 18:05 . 2014-12-06 18:05	2169	----a-w-	c:\windows\patsearch.bin
2014-11-26 21:40 . 2014-11-26 21:40	--------	d-----w-	c:\program files (x86)\Versandhelfer
2014-11-19 15:30 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 15:30 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 15:30 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-19 15:30 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-12 17:17 . 2014-08-21 06:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2014-11-12 17:16 . 2014-10-10 00:57	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-11-12 17:16 . 2014-10-18 02:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-11-12 17:16 . 2014-10-18 01:33	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 21:39 . 2014-05-11 16:37	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 21:11 . 2014-12-10 21:11	1768604	----a-w-	C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 20:56 . 2014-12-10 20:56	1751655	----a-w-	C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-09 17:04 . 2014-12-09 17:04	978153	----a-w-	C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip
2014-12-08 19:14 . 2014-08-07 15:52	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-08 17:54 . 2014-05-11 16:36	96472	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-26 21:10 . 2013-02-08 21:38	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 21:10 . 2013-02-08 21:38	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-21 05:14 . 2014-05-11 16:36	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-05-11 16:36	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-16 02:03 . 2013-03-21 23:41	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-10-30 11:25 . 2013-02-08 21:43	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-09-16 18:58 . 2013-05-22 06:11	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:47	868352	----a-w-	c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-10 5015040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"LexwareInfoService"="c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" [2014-11-21 54072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-9-12 1427736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 cpuz134;cpuz134;c:\users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11drdr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Lexware_Update_Service;Lexware Update Service;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - tmcomm
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 21:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:48	944128	----a-w-	c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-07 398656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin_OT\AppData\Roaming\Mozilla\Firefox\Profiles\6eovspcd.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-genesis_08301302 - c:\users\admin_ot\appdata\local\genesis_08301302\genesis_08301302.exe
Wow6432Node-HKCU-Run-PCKeeper2 - c:\program files\Kromtech\PCKeeper\PCKeeper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-DesktopDock - c:\program files (x86)\Desktop Dock\DesktopDockappuninstall.exe
AddRemove-genesis_08301302 - c:\users\admin_ot\appdata\local\genesis_08301302\genesis_08301302.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-11  17:41:02
ComboFix-quarantined-files.txt  2014-12-11 16:41
.
Vor Suchlauf: 12 Verzeichnis(se), 433.701.474.304 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 433.310.285.824 Bytes frei
.
- - End Of File - - 7865619A8125C01BE756FAF660B5A81A
A36C5E4F47E84449FF07ED3517B43A31
         


Regards, Oliver-T


12.12.2014, 16:05   #6
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

12.12.2014, 18:56   #7
Oliver-T

Hello,

then let's get started. Here is the MBAM.txt

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 12.12.2014
Suchlauf-Zeit: 18:46:53
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.12.05
Rootkit Datenbank: v2014.12.08.03
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Oliver

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 692952
Verstrichene Zeit: 31 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner.txt

Code:
# AdwCleaner v4.105 - Bericht erstellt am 12/12/2014 um 19:41:39
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Oliver - USER-PC
# Gestartet von : C:\Users\Oliver\Desktop\adwcleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Oliver\Documents\Updater

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Nico Mak Computing

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R19].txt - [3029 octets] - [07/12/2014 21:48:51]
AdwCleaner[R20].txt - [3821 octets] - [08/12/2014 17:15:43]
AdwCleaner[R21].txt - [3199 octets] - [08/12/2014 18:11:30]
AdwCleaner[R22].txt - [1077 octets] - [09/12/2014 07:54:33]
AdwCleaner[R23].txt - [2362 octets] - [09/12/2014 07:56:33]
AdwCleaner[R24].txt - [2562 octets] - [09/12/2014 08:34:44]
AdwCleaner[R25].txt - [1386 octets] - [09/12/2014 08:50:23]
AdwCleaner[R26].txt - [1771 octets] - [10/12/2014 22:15:50]
AdwCleaner[R27].txt - [1570 octets] - [10/12/2014 22:28:05]
AdwCleaner[R28].txt - [1797 octets] - [12/12/2014 19:39:35]
AdwCleaner[S17].txt - [3883 octets] - [08/12/2014 17:17:47]
AdwCleaner[S18].txt - [2974 octets] - [09/12/2014 07:57:47]
AdwCleaner[S19].txt - [2624 octets] - [09/12/2014 08:35:44]
AdwCleaner[S20].txt - [1772 octets] - [10/12/2014 22:17:44]
AdwCleaner[S21].txt - [1656 octets] - [12/12/2014 19:41:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S21].txt - [1717 octets] ##########
         
JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Oliver on 12.12.2014 at 19:46:27,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\jhlrbz5d.default-1418246659869\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.12.2014 at 19:49:07,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST-Log.txt


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Oliver (administrator) on USER-PC on 12-12-2014 19:53:33
Running from C:\Users\Oliver\Desktop
Loaded Profile: Oliver (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Oliver\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\jhlrbz5d.default-1418246659869
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt
2014-12-11 23:30 - 2014-12-12 19:42 - 00000022 _____ () C:\Windows\S.dirmngr
2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt
2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox
2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe
2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware
2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe
2014-12-10 22:24 - 2014-12-10 22:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten
2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe
2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit
2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe
2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt
2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt
2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe
2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip
2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt
2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt
2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe
2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit
2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache
2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe
2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt
2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt
2014-12-08 21:25 - 2014-12-08 21:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-08 20:35 - 2014-12-12 19:53 - 00010803 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt
2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe
2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-08 19:54 - 2014-12-08 19:54 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe
2014-12-08 19:50 - 2014-12-08 19:50 - 02119680 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64(1).exe
2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe
2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing
2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8
2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe
2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList
2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete
2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe
2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech
2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech
2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe
2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google
2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList
2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028
2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin
2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-11-23 03:00 - 2014-11-23 03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-12 18:19 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 18:19 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 18:19 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 18:19 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 18:19 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 18:19 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 18:19 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 18:19 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 18:19 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 18:19 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 18:19 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 18:19 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 18:19 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 18:19 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 18:19 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 18:19 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 18:19 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 18:19 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 18:19 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 18:19 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 18:19 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 18:19 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 18:19 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 18:19 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 18:19 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 18:19 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 18:19 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 18:19 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 18:19 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 18:19 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 18:19 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 18:19 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 18:19 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 18:19 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 18:19 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 18:19 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 18:19 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 18:19 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 18:19 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 18:19 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 18:19 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 18:19 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 18:19 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 18:19 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 18:19 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 18:19 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 18:19 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 18:19 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 18:19 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 18:19 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 18:19 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 18:19 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 18:19 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 18:19 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 18:19 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 18:19 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 18:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 18:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 18:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 18:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 18:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 18:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 18:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 18:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 18:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 18:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 18:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 18:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 18:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 18:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 18:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 18:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 18:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 18:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 18:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 18:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 18:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 18:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 18:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 18:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 18:16 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 18:16 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 18:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 19:53 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST
2014-12-12 19:50 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-12 19:50 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 19:42 - 2013-02-07 22:53 - 00850334 _____ () C:\Windows\PFRO.log
2014-12-12 19:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 19:42 - 2009-07-14 05:51 - 00045473 _____ () C:\Windows\setupact.log
2014-12-12 19:41 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner
2014-12-12 19:41 - 2013-02-07 22:34 - 01513738 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 19:12 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-12 18:54 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg
2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 17:50 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe
2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten
2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-12-09 18:18 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt
2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt
2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google
2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1
2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google
2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google
2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google
2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google
2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com
2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-11-26 22:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 22:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP
2014-11-18 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT
2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 03:09 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 03:03 - 2013-03-22 00:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\temp\Quarantine.exe
C:\Users\Oliver\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 00:59

==================== End Of Log ============================
         

Thanks and regards
Oliver-T

13.12.2014, 16:06   #8
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber


13.12.2014, 21:42   #9
Oliver-T
 

ESET.txt

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=216673ff8d3aa4489761df57b70010d1
# engine=21539
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-13 08:46:51
# local_time=2014-12-13 09:46:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7806271 59816927 0 0
# scanned=196743
# found=289
# cleaned=0
# scan_time=6889
sh=FAD22902E5E04BBD7548327E2F3669F3C4398EBA ft=1 fh=dc410bb0cf0df48e vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat\utils.exe.vir"
sh=C0CCC40BC759B407EAD343B0ED12894110984993 ft=1 fh=8ebe33363066074f vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll.vir"
sh=D2144E71BF294132D1B7CC6492137C800C2C4FBF ft=1 fh=3d6507ec3da88c55 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll.vir"
sh=86027C5A385E760601227D577CB3DC04FDF86070 ft=1 fh=0acb381ba3a86d74 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir"
sh=8C2A40A90B2CD1CAA9BFF7E01399E40ED1DE1A0F ft=1 fh=83d2feaca1f3367f vn="Variante von Win32/Toolbar.SearchSuite.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe.vir"
sh=2DA4F830FEA8A2B651772FE0BB5A0F5174639EA1 ft=1 fh=86e1957bfb53b657 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\del_DM_DLL_nsiFDC0.dll.vir"
sh=F1F86700107D394FA2F9D359D352F8B87418618D ft=1 fh=8dea19f4e1c9b63b vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\del_DM_LL_nsiFDC0.dll.vir"
sh=65B406AF190B54B24F2D27945FC70C97C83357F8 ft=1 fh=d48040a09a2c0de9 vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\del_mg_nsiFDC0.dll.vir"
sh=4A077D1F5225C3C471121A789B53284C54B9BF13 ft=1 fh=f83bed8e1453805f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Helper.dll.vir"
sh=89FFEEDDB91905484BF4667EC05D67A5F4DF9AFC ft=1 fh=039b71e88beea6eb vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll.vir"
sh=8704699BFA24190D5C53D29395398C6B45FB85E7 ft=1 fh=b7b4b5f1eb2b6829 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe.vir"
sh=4EA1860F1F4553D0832DF02ED6D5A082FBB77227 ft=1 fh=c8b13d8079499b24 vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll.vir"
sh=9B87DC35BD4A0EF3F773DB566C87B32F3DD725BB ft=1 fh=73cbf311b0224d02 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll.vir"
sh=AD9634E690E8F790596D5E701A86FA1A094B01D7 ft=1 fh=0b7874b4927cc04f vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll.vir"
sh=320458DEE246216A9BE6940D1F7FAB2F87D28FCD ft=1 fh=d569d2f13dc21f85 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_LL_nsiFDC0.dll.vir"
sh=9CE2AE46A53F9BFC856AC9B9563BCA5BAE2AC410 ft=1 fh=0e2dc8d81ead77a8 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll.vir"
sh=23FA4B3CB839DF6BF7D255D46A68A7950342F018 ft=1 fh=0d13be051cd43283 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe.vir"
sh=9D94858047468964D3ED7CB03C37595C75C42B04 ft=1 fh=53301a82afab3b33 vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll.vir"
sh=3D6B73A46C07118B2E841D58314B34B55ED976C2 ft=1 fh=ef180aa54ca6a16d vn="Variante von Win32/SProtector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir"
sh=3BCCF906A196D5100A6B78C73457B8C27C587058 ft=1 fh=8e6c2dd3375ae8f1 vn="Variante von Win32/SProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=30285CFB31450D66315EA5CFBF9C6AA8103D85FB ft=1 fh=4f8559a9423b21b3 vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll.vir"
sh=0DAFA42039405F8D49A6790180194076BD57C833 ft=1 fh=c71c001147036410 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SNT\rB6.dll.vir"
sh=61CB4B5228E6253863391EF3346C2F9920DBC554 ft=1 fh=c71c00112b13579c vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SNT\rB6.x64.dll.vir"
sh=CF9209557CC4828F1A8536F5AF66358A81393A75 ft=1 fh=b354853738a44732 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicApp.dll.vir"
sh=277966AAC8DD994109B77162DB82849EF1FC8D62 ft=1 fh=f7e7b232febc88cd vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicEng.dll.vir"
sh=431CA401E93A36C4FB726D12B16B4CC058A2C770 ft=1 fh=7cd1c9f2502352b3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonicsrv.exe.vir"
sh=09AD2A1BCD218E1EA91FC53F55CB6A61770E1144 ft=1 fh=0234086e10d7e544 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll.vir"
sh=54002848ADA82AC181EAC551104FA02E8CBE4585 ft=1 fh=bfddd9982b578fa9 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\uninstall.exe.vir"
sh=54CBEECF2F4AB81622D6708E8A849E3663853F4D ft=1 fh=a481e6d08e557a48 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll.vir"
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=01C9B3D0E073B824021B29F1FD957A8643DF6931 ft=1 fh=9d9cb38b273b86fe vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=D09F832544B921CD7C61A7DB193F29EF6638AD88 ft=1 fh=58a116a27a6d5dbb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir"
sh=C6E3F8034D197C34D61701AC146694B6DBEC36CD ft=1 fh=7f9fa2fc68c7b7f4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll.vir"
sh=FC883B83DA2A9ED93AC2A4CEC9936268A6B264C2 ft=1 fh=80a06d85550fdea2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgArchive.dll.vir"
sh=F3001B5F58A6C6AB8DD7E6E63CB89D20F74EF228 ft=1 fh=f50ea5fcbc656251 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommon.dll.vir"
sh=2CF3C9FBCBEBAA6D75DE43CCC487D62954538F81 ft=1 fh=446d6a4df1e456fa vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll.vir"
sh=60FCD298549E0383DFACBE66420DC922D6BAAF84 ft=1 fh=73f28a50980afe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgconfig.dll.vir"
sh=531A5D492B39076AA7990DD76F41B762258B86A7 ft=1 fh=a45064434f491236 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll.vir"
sh=AE57E26160449200540B1FD8E839F1BD5A30327A ft=1 fh=c29c62a52f555ace vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mghooking.dll.vir"
sh=B6E78443D25AF8B978DC24D515DF7B2F673629CC ft=1 fh=ece232c764d65d89 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll.vir"
sh=42B14A7D72C6EDAF5140A2C7B95149B92473853C ft=1 fh=6f2c94e91302d1a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir"
sh=B28C9BCA89A124EBD2EAAF5073370E7E0E87DB4E ft=1 fh=c56c5ff3b0e7703d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mglogger.dll.vir"
sh=87FF2D9A36B50B5A7DF4D08F87B92BEA86D7DAB7 ft=1 fh=71dc135578fffed6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll.vir"
sh=C86CF9524D11A2392A491EA15ED12D2CA890F249 ft=1 fh=ae21d71fff630a17 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll.vir"
sh=055E7A147AB9DCB141FDF58A0D3CCD825AE8B361 ft=1 fh=ac8cec2f7886b930 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir"
sh=73987118D6F1799B0B29DB00BF7248B20347BB46 ft=1 fh=d25a2527398bc729 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll.vir"
sh=C786E62AB09C10B6277F3E9CFC34207FE56E1FFA ft=1 fh=6c27d70c5686a2b1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll.vir"
sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll.vir"
sh=093FB06E67DB8C5562A823E389853340405B8724 ft=1 fh=1b5e6676818f2ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll.vir"
sh=A679EB39BB32DD88C09E150B0E5F7BAED12467A6 ft=1 fh=0ba701bbd4ac4b73 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll.vir"
sh=9B45902B8B791A84EC6F7D1AD2E8099410D1A467 ft=1 fh=3191d44e293b78d5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir"
sh=AE3254BDF03A347110068EF29CB15C7B554491F0 ft=1 fh=30381f993c8268c2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\SweetIM.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir"
sh=C6831E788B4644AE0DCDF1789375F03E4093B40B ft=1 fh=a421b64af9dc746c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir"
sh=DC70060EA7FA69C5257BB203A6119AC70C3B7AF1 ft=1 fh=9f16fd1670e70b2d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir"
sh=3CDC489B1C3FFC13FF36251CC0700FC1139162CF ft=1 fh=5217c8f320444881 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir"
sh=DBBF5161FC045E081A067405FB664E4BBFA501E2 ft=1 fh=34cce9dbbc63a63f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir"
sh=5F47592891B6E6B173D048D0549500E10BB59DAC ft=1 fh=80e755e9c1ac2530 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir"
sh=2A3C9F2EC019E18F86C58B6FB93BF360F4741D2B ft=1 fh=f6b0e12c07608859 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir"
sh=5A6AF07692A4E73F72AF0EC2FD7E2033C162B554 ft=1 fh=e5925887eea09ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir"
sh=CBED6C3BC6165D2EC2D39BFE751DCDC7BAEFAEA4 ft=1 fh=f61f701680e5ab8e vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir"
sh=4559152B91101CD5ABDEEEFF31C54DB43352613D ft=1 fh=0729c631acba2034 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir"
sh=9236A60C410DE21A4ADCCD07F08EE7749B441909 ft=1 fh=68ff4b48c9f4a7c5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir"
sh=0977698142F186068A7EA31D511C915EA4A652F7 ft=1 fh=33afa6b46a191757 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir"
sh=0DAFA42039405F8D49A6790180194076BD57C833 ft=1 fh=c71c001147036410 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vauudiux\l5Jk.dll.vir"
sh=61CB4B5228E6253863391EF3346C2F9920DBC554 ft=1 fh=c71c00112b13579c vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vauudiux\l5Jk.x64.dll.vir"
sh=0DAFA42039405F8D49A6790180194076BD57C833 ft=1 fh=c71c001147036410 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\wD_jAmq.dll.vir"
sh=61CB4B5228E6253863391EF3346C2F9920DBC554 ft=1 fh=c71c00112b13579c vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\wD_jAmq.x64.dll.vir"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\CCoupoNpEoAk\qVkzW.exe.vir"
sh=A0D52DCF369EF5A26EDD02F381A30BC06D6159F1 ft=1 fh=c71c00110a80296a vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Fast And Safe\FastAndSafe_x64.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=03386BF857DDE1D9BD64FAA427780C99A652DB31 ft=1 fh=c71c0011c41d1188 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SNT\ftAa.exe.vir"
sh=03386BF857DDE1D9BD64FAA427780C99A652DB31 ft=1 fh=c71c0011c41d1188 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Vauudiux\dku8c.exe.vir"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wiebsaveor\Zka0iO.exe.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=9A189D6EAB28C6F9C20AEEFA3E7134916E38C65B ft=1 fh=c71c0011b919b825 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=03386BF857DDE1D9BD64FAA427780C99A652DB31 ft=1 fh=c71c0011c41d1188 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\AjD0tyaq.exe.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=1D0A1572D7AF9A149EB45C0F86B486B9AE8FAF4B ft=1 fh=9a57284d8243f9b8 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin_OT\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin_OT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin_OT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin_OT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin_OT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=1A892473B4A1C8553EEBDB71196BC2DB3EB77A35 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkddnpfdffelhkcefcicpopamhjnhffm\2.2\dMBYX6L.js.vir"
sh=C58686B250E1A8AD24A9924B193E37B3BD9520ED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\178\nIH.js.vir"
sh=F977610809D291AC30D3420CE0B94D984E3CC149 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmogaeceiflookajoadfhddkljfknhm\1.0\QGwme0jAI.js.vir"
sh=363F0F073CF26EF8752B06924036C390117C1707 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idddhoodponmeiaocijcbgpndghenian\2.1\yJo16.js.vir"
sh=334598603F05110FA019D1EBD6F61D0B295E85EA ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ncpfnnhhealjhlabihmoodbaafjnddhl\1.3\xiJZWV.js.vir"
sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.83_0\extensionData\plugins\91.js.vir"
sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin_OT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js"
sh=27D5724BA3C3D14065184558A434A0E78E742EDB ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{7AB5685C-83CF-4BD1-A93A-CBEDA1564AAA}\Custom.dll"
sh=55436CB2943A4D25CBC3B9367C413CD364C85050 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hniiadklfgdhjcmmkpggffjngihaaoip\1.26.31_0\extensionData\plugins\91.js"
sh=B474C19AF67A3EA0369B9E000D40D1375F2A67BE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm\1.26.80_0\extensionData\plugins\91.js"
sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Broken Cue\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js"
sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NiclasPascal\AppData\Roaming\QAKOG"
sh=55436CB2943A4D25CBC3B9367C413CD364C85050 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hniiadklfgdhjcmmkpggffjngihaaoip\1.26.31_0\extensionData\plugins\91.js"
sh=B474C19AF67A3EA0369B9E000D40D1375F2A67BE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm\1.26.80_0\extensionData\plugins\91.js"
sh=B0AFD26B7B84EAFAAB66F2E84C93D4970EAD9CD8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.441_0\main.js"
sh=B7A1757508588C3F277B97F877A74350068370AD ft=1 fh=49b56f64fa90416e vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Desktop\wzmp_8.exe"
sh=B8295405FD13046577AB28A5152FD1AD343E0AB7 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Oliver\Downloads\COMPUTER_BILD-Download-Manager_fuer_cdbxp_setup_4.5.3.4643.exe"
sh=A8B9FDF9235176B686E94146EA769821C5492374 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Oliver\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeAudioCDBurner.exe"
sh=A6A9207E483D8FFC9E5FD3B77033B983E4BC5671 ft=1 fh=c71c0011bde365a0 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\FreeAudioCDBurner(1).exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\MyPhoneExplorer_1.8.5.exe"
sh=B1F7740AC46A1750FC10DC4768D89DFCAD77E85C ft=1 fh=37bbe5db5c9182cf vn="Win32/Toolbar.Babylon.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ReimageRepair.exe"
sh=B501C94EB2644AF094FE2008D214793AE243DAD9 ft=1 fh=1c5ab5e72fdaa7fe vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\Windows-KB890830-V5.14 - CHIP-Installer.exe"
sh=33D5A5EED31629F3541DD8196065DCF6AB674F81 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\490d67f8.msi"
         
Checkup.txt

Code:
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 15.0.0.246  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST.txt


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Oliver (administrator) on USER-PC on 13-12-2014 22:38:12
Running from C:\Users\Oliver\Desktop
Loaded Profiles: Oliver & Broken Cue (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\faktura + auftrag\2014\Pcfk32.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WzPreviewer32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\RunOnce: [Adobe Speed Launcher] => 1418488634
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\RunOnce: [Adobe Speed Launcher] => 1418468260
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\jhlrbz5d.default-1418246659869
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 22:38 - 2014-12-13 22:38 - 02119168 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-12-13 22:38 - 2014-12-13 22:38 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-12-13 22:34 - 2014-12-13 22:34 - 00072706 _____ () C:\Users\Oliver\Desktop\ESET.txt
2014-12-13 19:51 - 2014-12-13 19:51 - 00852490 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-12-13 19:49 - 2014-12-13 19:49 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt
2014-12-11 23:30 - 2014-12-12 19:42 - 00000022 _____ () C:\Windows\S.dirmngr
2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt
2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox
2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe
2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware
2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe
2014-12-10 22:24 - 2014-12-10 22:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten
2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe
2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit
2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe
2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt
2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt
2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe
2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip
2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt
2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt
2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe
2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit
2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache
2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe
2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt
2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt
2014-12-08 21:25 - 2014-12-08 21:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-08 20:35 - 2014-12-13 22:38 - 00013198 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt
2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe
2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe
2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe
2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing
2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8
2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe
2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList
2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete
2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe
2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech
2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech
2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe
2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google
2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList
2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028
2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin
2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-11-23 03:00 - 2014-11-23 03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 22:38 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST
2014-12-13 22:36 - 2013-02-07 22:34 - 01184265 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 22:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 21:45 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg
2014-12-13 19:54 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner
2014-12-13 15:21 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 15:21 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 13:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 13:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 13:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 11:57 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 19:42 - 2013-02-07 22:53 - 00850334 _____ () C:\Windows\PFRO.log
2014-12-12 19:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 19:42 - 2009-07-14 05:51 - 00045473 _____ () C:\Windows\setupact.log
2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 17:50 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe
2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten
2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt
2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt
2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google
2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1
2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google
2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google
2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google
2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google
2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com
2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP
2014-11-18 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT
2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 03:09 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 03:03 - 2013-03-22 00:41 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\temp\IntResource.dll
C:\Users\Oliver\AppData\Local\temp\Quarantine.exe
C:\Users\Oliver\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 00:59

==================== End Of Log ============================
         

Thanks for the great support.
The ad windows that kept popping up at random no longer appear, and it looks as if everything is in order again. However, I suspect that something is still present. When I run AdwCleaner, it finds something again after a while.
Which tools can I use to protect myself? Microsoft Essentials, or what else?

Regards, Oliver-T

Alt 14.12.2014, 15:32   #10
schrauber
/// the machine
/// TB-Ausbilder
 




I always recommend Emsisoft.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
C:\ProgramData\InstallMate
C:\Users\Gast\AppData\Local\Google\Chrome SxS
C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF
C:\Users\NiclasPascal\AppData\Roaming\QAKOG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Empty the Downloads folder.


Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de


A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 14.12.2014, 18:53   #11
Oliver-T
 



FixLog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014
Ran by Oliver at 2014-12-14 19:38:46 Run:1
Running from C:\Users\Oliver\Desktop
Loaded Profiles: Oliver & Broken Cue & NiclasPascal (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\InstallMate
C:\Users\Gast\AppData\Local\Google\Chrome SxS
C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF
C:\Users\NiclasPascal\AppData\Roaming\QAKOG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
Emptytemp:
         
*****************

C:\ProgramData\InstallMate => Moved successfully.
C:\Users\Gast\AppData\Local\Google\Chrome SxS => Moved successfully.
C:\Users\NiclasPascal\AppData\Roaming\LSHLRGPF => Moved successfully.
C:\Users\NiclasPascal\AppData\Roaming\QAKOG => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 405.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
I did not have Chrome installed, so it did not need to be removed. Also, I did not find it in the Revo Uninstaller overview.

A fresh FRST log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014
Ran by Oliver (administrator) on USER-PC on 14-12-2014 19:50:47
Running from C:\Users\Oliver\Desktop
Loaded Profile: Oliver (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\RunOnce: [Adobe Speed Launcher] => 1418582462
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\wnady7oq.default-1418582923771
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 19:44 - 2014-12-14 19:44 - 00001264 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2014-12-14 19:44 - 2014-12-14 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-14 19:43 - 2014-12-14 19:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Desktop\revosetup95.exe
2014-12-14 19:40 - 2014-12-14 19:40 - 00000022 _____ () C:\Windows\S.dirmngr
2014-12-14 15:50 - 2014-12-14 15:50 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\MyPhoneExplorer
2014-12-13 22:38 - 2014-12-14 19:38 - 02119680 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-12-13 22:38 - 2014-12-14 19:38 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-12-13 22:34 - 2014-12-13 22:34 - 00072706 _____ () C:\Users\Oliver\Desktop\ESET.txt
2014-12-13 19:51 - 2014-12-13 19:51 - 00852490 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-12-13 19:49 - 2014-12-13 19:49 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt
2014-12-11 23:12 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 23:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 23:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 23:12 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 23:12 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 23:12 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 23:12 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 23:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 23:12 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 23:12 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 23:12 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 23:12 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 23:12 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 23:12 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 23:12 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 23:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 23:12 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 23:12 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 23:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 23:12 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 23:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 23:12 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 23:12 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 23:12 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 23:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 23:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 23:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 23:12 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 23:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 23:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 23:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 23:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 23:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 23:12 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 23:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 23:12 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 23:12 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 23:12 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 23:12 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 23:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 23:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 23:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 23:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 23:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 23:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 23:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 23:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 23:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 23:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 23:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 23:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 23:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 23:12 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 23:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 23:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 23:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 23:12 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 23:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt
2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox
2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe
2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware
2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe
2014-12-10 22:24 - 2014-12-14 19:48 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten
2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe
2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit
2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe
2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt
2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt
2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe
2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip
2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt
2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt
2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe
2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit
2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache
2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe
2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt
2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt
2014-12-08 20:35 - 2014-12-14 19:50 - 00011374 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt
2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe
2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe
2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe
2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing
2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8
2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe
2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList
2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete
2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe
2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech
2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech
2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe
2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google
2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList
2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028
2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin
2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-11-23 03:00 - 2014-11-23 03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 19:50 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST
2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:40 - 2013-02-07 22:53 - 00856120 _____ () C:\Windows\PFRO.log
2014-12-14 19:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 19:40 - 2009-07-14 05:51 - 00045641 _____ () C:\Windows\setupact.log
2014-12-14 19:39 - 2013-02-07 22:34 - 01405368 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 19:38 - 2014-05-10 14:43 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-14 19:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 18:42 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg
2014-12-14 14:03 - 2013-05-20 16:45 - 00000000 ____D () C:\Users\Oliver\Documents\Add-in Express
2014-12-14 14:03 - 2013-05-20 13:01 - 00000000 ____D () C:\Users\Oliver
2014-12-14 13:44 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 03:06 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-14 03:02 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 03:02 - 2013-03-22 00:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 19:54 - 2014-05-11 17:28 - 00000000 ____D () C:\AdwCleaner
2014-12-13 13:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 13:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 13:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe
2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten
2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt
2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt
2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google
2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1
2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google
2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google
2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google
2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google
2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com
2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP
2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT
2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 00:59

==================== End Of Log ============================
         

15.12.2014, 18:15   #12
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



A fresh FRST log again, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
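
The fixlist in the post above removes an Internet Explorer proxy setting that points at the local machine. As an added example (not part of the thread and not FRST code), the Python code below parses `ProxyEnable:` / `ProxyServer:` lines in the format shown in the post and reports which registry hives route traffic through a loopback address. The sample log, the SID and `proxy.example.internal` are constructed, and treating every `ProxyEnable:` line as "enabled" is an assumption based on the one line shown.

```python
import ipaddress
import re

# Constructed sample log. The first two lines are the fixlist lines from the
# post; the SID and the second proxy host are made up for contrast.
SAMPLE_LOG = """\
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
ProxyServer: [S-1-5-21-1111111111-2222222222-3333333333-1001] => proxy.example.internal:8080
Tcpip\\Parameters: [DhcpNameServer] 192.168.178.1
"""

# "<key>: [<hive or SID>] => <value>", as in the lines shown in the post.
LINE_RE = re.compile(r"^(ProxyEnable|ProxyServer): \[([^\]]+)\] => (.*)$")


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {protocol: (host, port)}.

    Handles 'host:port' (one proxy for every protocol, keyed as 'all') and
    the per-protocol form 'http=host:port;https=host:port'.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, target = part.partition("=")
        if not sep:  # no "proto=" prefix: same proxy for all protocols
            proto, target = "all", part
        # Drop an optional scheme such as "http://" in front of the host.
        target = re.sub(r"^[a-z][a-z0-9+.-]*://", "", target.strip(), flags=re.I)
        host, colon, port = target.rpartition(":")
        if not colon:  # no port given
            host, port = target, ""
        proxies[proto.strip().lower()] = (
            host.strip("[]"),  # "[::1]" -> "::1"
            int(port) if port.isdecimal() else None,
        )
    return proxies


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def review(log_text):
    """Return one finding per hive that has proxy lines in the log."""
    hives = {}
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        key, hive, value = match.groups()
        entry = hives.setdefault(hive, {"enabled": False, "proxies": {}})
        if key == "ProxyEnable":
            # Assumption: a ProxyEnable line is only logged when the proxy is on.
            entry["enabled"] = True
        else:
            entry["proxies"] = parse_proxy_server(value)

    findings = []
    for hive, entry in hives.items():
        local = {p: hp for p, hp in entry["proxies"].items() if is_loopback(hp[0])}
        findings.append({
            "hive": hive,
            "enabled": entry["enabled"],
            "loopback_protocols": sorted(local),
            "loopback_ports": sorted(
                {port for _, port in local.values() if port is not None}
            ),
        })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        status = "REVIEW" if finding["loopback_protocols"] else "ok"
        print(status, finding)
```

A loopback proxy only works if some local process listens on that port, so on a live system the follow-up check is which process, if any, owns it.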

15.12.2014, 21:16   #13
Oliver-T

Here is the Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Oliver at 2014-12-15 22:11:45 Run:2
Running from C:\Users\Oliver\Desktop
Loaded Profiles: Oliver & Broken Cue (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49175;https=127.0.0.1:49175
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog ====
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Oliver (administrator) on USER-PC on 15-12-2014 22:14:34
Running from C:\Users\Oliver\Desktop
Loaded Profiles: Oliver & Broken Cue (Available profiles: Oliver & Admin_OT & Broken Cue & NiclasPascal & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\faktura + auftrag\2014\Pcfk32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4954576 2014-12-01] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-1388768884-318842917-2379483617-1003\...\RunOnce: [Adobe Speed Launcher] => 1418582462
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\RunOnce: [Adobe Speed Launcher] => 1418589010
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1388768884-318842917-2379483617-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1388768884-318842917-2379483617-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\wnady7oq.default-1418582923771
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\wnady7oq.default-1418582923771\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-14]
FF HKU\S-1-5-21-1388768884-318842917-2379483617-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Oliver\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 21:34 - 2014-12-14 21:34 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-14 19:59 - 2014-12-14 19:59 - 00001091 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-12-14 19:59 - 2014-12-14 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-12-14 19:58 - 2014-12-15 21:54 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-12-14 19:55 - 2014-12-14 19:57 - 168803768 _____ (Emsisoft Ltd ) C:\Users\Oliver\Downloads\EmsisoftAntiMalwareSetup.exe
2014-12-14 19:44 - 2014-12-14 19:44 - 00001264 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2014-12-14 19:44 - 2014-12-14 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-14 19:43 - 2014-12-14 19:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Desktop\revosetup95.exe
2014-12-14 19:40 - 2014-12-14 19:40 - 00000022 _____ () C:\Windows\S.dirmngr
2014-12-14 15:50 - 2014-12-14 15:50 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\MyPhoneExplorer
2014-12-13 22:38 - 2014-12-15 22:11 - 02119168 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-12-13 22:38 - 2014-12-15 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-12-13 22:34 - 2014-12-13 22:34 - 00072706 _____ () C:\Users\Oliver\Desktop\ESET.txt
2014-12-13 19:51 - 2014-12-13 19:51 - 00852490 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-12-13 19:49 - 2014-12-13 19:49 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-12-12 19:49 - 2014-12-12 19:49 - 00000772 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-12-12 19:45 - 2014-12-12 19:45 - 00001202 _____ () C:\mbam.txt
2014-12-11 23:12 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 23:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 23:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 23:12 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 23:12 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 23:12 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 23:12 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 23:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 23:12 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 23:12 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 23:12 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 23:12 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 23:12 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 23:12 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 23:12 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 23:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 23:12 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 23:12 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 23:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 23:12 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 23:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 23:12 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 23:12 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 23:12 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 23:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 23:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 23:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 23:12 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 23:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 23:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 23:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 23:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 23:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 23:12 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 23:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 23:12 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 23:12 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 23:12 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 23:12 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 23:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 23:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 23:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 23:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 23:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 23:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 23:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 23:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 23:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 23:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 23:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 23:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 23:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 23:12 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 23:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 23:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 23:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 23:12 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 23:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 23:09 - 2014-12-15 22:11 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2014-12-11 17:41 - 2014-12-11 17:41 - 00099544 _____ () C:\ComboFix.txt
2014-12-11 17:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 16:54 - 2014-12-11 17:41 - 00000000 ____D () C:\Qoobox
2014-12-11 16:54 - 2014-12-11 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 16:52 - 2014-12-11 16:52 - 05600944 ____R (Swearware) C:\Users\Admin_OT\Desktop\ComboFix.exe
2014-12-10 22:33 - 2014-12-10 22:33 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 __SHD () C:\Users\NiclasPascal\AppData\Local\EmieBrowserModeList
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Roaming\Lexware
2014-12-10 22:30 - 2014-12-10 22:30 - 00000000 ____D () C:\Users\NiclasPascal\AppData\Local\Lexware
2014-12-10 22:27 - 2014-12-10 22:27 - 02166272 _____ () C:\Users\Broken Cue\Downloads\adwcleaner_4.105.exe
2014-12-10 22:24 - 2014-12-14 19:48 - 00000000 ____D () C:\Users\Oliver\Desktop\Alte Firefox-Daten
2014-12-10 22:15 - 2014-12-10 22:15 - 02166272 _____ () C:\Users\Oliver\Desktop\adwcleaner_4.105.exe
2014-12-10 22:11 - 2014-12-10 22:11 - 01768604 _____ () C:\USER-PC_2014.12.10-2159.58_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:59 - 2014-12-10 22:11 - 00000000 ____D () C:\Users\Oliver\Desktop\TrendMicro AntiThreat Toolkit
2014-12-10 21:56 - 2014-12-10 21:56 - 01751655 _____ () C:\USER-PC_2014.12.10-2145.15_3F3182EE-00F5-006A-0000-00336C8F7C2B_10568.zip
2014-12-10 21:43 - 2014-12-10 21:44 - 05155400 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_collector_cli_x64.exe
2014-12-09 20:00 - 2014-12-09 20:11 - 00032377 _____ () C:\Users\Broken Cue\Desktop\FRST.txt
2014-12-09 20:00 - 2014-12-09 20:00 - 00019050 _____ () C:\Users\Broken Cue\Desktop\Addition.txt
2014-12-09 19:58 - 2014-12-09 19:59 - 02119680 _____ (Farbar) C:\Users\Broken Cue\Desktop\FRST64.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 14107296 _____ (Microsoft Corporation) C:\Users\Broken Cue\Downloads\mseinstall.exe
2014-12-09 18:04 - 2014-12-09 18:04 - 00978153 _____ () C:\USER-PC_2014.12.09-1746.25_3F3182EE-00F5-006A-0000-00336C8F7C2B_17905.zip
2014-12-09 18:04 - 2014-12-09 18:04 - 00000334 _____ () C:\Users\Oliver\Downloads\Result.txt
2014-12-09 18:02 - 2014-12-09 18:02 - 00000330 _____ () C:\Users\Oliver\Desktop\Result.txt
2014-12-09 18:00 - 2014-12-09 18:01 - 09208192 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_far_gui_x64.exe
2014-12-09 17:46 - 2014-12-09 18:04 - 00000000 ____D () C:\Users\Oliver\Downloads\TrendMicro AntiThreat Toolkit
2014-12-09 17:46 - 2014-12-09 17:46 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-09 17:46 - 2014-12-09 17:46 - 00000036 _____ () C:\Users\Oliver\AppData\Local\housecall.guid.cache
2014-12-09 17:44 - 2014-12-09 17:45 - 25820464 _____ (Trend Micro Inc.) C:\Users\Oliver\Desktop\attk_ScanCleanOnline_gui_x64.exe
2014-12-09 08:57 - 2014-12-09 08:57 - 00000628 _____ () C:\Users\Admin_OT\Desktop\JRT.txt
2014-12-09 07:53 - 2014-12-09 07:53 - 00048162 _____ () C:\Users\Oliver\Desktop\ESET-Scanner.txt
2014-12-08 20:35 - 2014-12-15 22:14 - 00013841 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-12-08 20:35 - 2014-12-08 20:36 - 00024059 _____ () C:\Users\Oliver\Desktop\Addition.txt
2014-12-08 20:13 - 2014-12-08 20:13 - 00638888 _____ (Oracle Corporation) C:\Users\Oliver\Downloads\jxpiinstall(1).exe
2014-12-08 19:59 - 2014-12-08 20:00 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2014-12-08 19:56 - 2014-12-08 19:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-08 19:51 - 2014-12-08 19:52 - 01707646 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT(1).exe
2014-12-08 18:55 - 2014-12-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-08 18:54 - 2014-12-08 19:41 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2014-12-08 18:53 - 2014-12-08 18:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Oliver\Desktop\mbar-1.08.2.1001.exe
2014-12-08 18:50 - 2014-12-08 18:53 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Nico Mak Computing
2014-12-08 18:49 - 2014-12-08 18:49 - 00000000 ____D () C:\Users\Oliver\Desktop\wzmp_8
2014-12-08 18:19 - 2014-12-08 18:19 - 04917720 _____ (WinZip International LLC ) C:\Users\Oliver\Desktop\wzmp_8.exe
2014-12-07 22:03 - 2014-12-07 22:03 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieBrowserModeList
2014-12-07 21:33 - 2014-12-09 08:50 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\SUPERDelete
2014-12-07 16:52 - 2014-12-07 16:52 - 20630616 _____ (SUPERAntiSpyware) C:\Users\Oliver\Downloads\SUPERAntiSpyware.exe
2014-12-07 16:46 - 2014-12-07 16:46 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Kromtech
2014-12-07 16:45 - 2014-12-07 16:46 - 00000000 ____D () C:\ProgramData\Kromtech
2014-12-07 16:45 - 2014-12-07 16:45 - 01148048 _____ (Kromtech) C:\Users\Oliver\Downloads\PCKeeper Installer.exe
2014-12-07 14:02 - 2014-12-10 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 19:10 - 2014-12-06 19:10 - 00000000 ____D () C:\Users\Admin_OT\AppData\Roaming\Google
2014-12-06 19:09 - 2014-12-06 19:09 - 00000000 __SHD () C:\Users\Admin_OT\AppData\Local\EmieBrowserModeList
2014-12-06 19:07 - 2014-12-07 17:16 - 00000000 ____D () C:\Program Files (x86)\12ad90c3-6e95-41ff-9132-78dd06d77028
2014-12-06 19:05 - 2014-12-06 19:05 - 00002169 _____ () C:\Windows\patsearch.bin
2014-12-06 19:05 - 2014-12-06 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
2014-11-26 22:40 - 2014-11-26 22:40 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-11-26 22:39 - 2014-11-26 22:39 - 00000353 _____ () C:\Users\Oliver\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-11-23 03:00 - 2014-11-23 03:03 - 927325765 _____ () C:\Users\Oliver\Downloads\Bilder-Gesamt BANDITO - SPORT - KATALOG 2013-2014-300dpi-RGB (alle Bilder in einer ZIP-DATEI).zip
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 22:14 - 2014-07-31 20:03 - 00000000 ____D () C:\FRST
2014-12-15 22:10 - 2013-03-23 01:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 22:06 - 2013-02-07 22:34 - 01520296 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 21:53 - 2014-01-24 19:11 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\gnupg
2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:48 - 2013-05-20 13:03 - 00006816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:40 - 2013-02-07 22:53 - 00856120 _____ () C:\Windows\PFRO.log
2014-12-14 19:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 19:40 - 2009-07-14 05:51 - 00045641 _____ () C:\Windows\setupact.log
2014-12-14 19:38 - 2014-05-10 14:43 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-14 14:03 - 2013-05-20 16:45 - 00000000 ____D () C:\Users\Oliver\Documents\Add-in Express
2014-12-14 14:03 - 2013-05-20 13:01 - 00000000 ____D () C:\Users\Oliver
2014-12-14 13:44 - 2013-02-10 00:30 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 03:06 - 2013-08-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 03:06 - 2013-02-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-14 03:02 - 2013-03-22 00:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 13:10 - 2013-03-23 01:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 13:10 - 2013-02-08 22:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 13:10 - 2013-02-08 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 19:44 - 2014-05-11 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 17:51 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-11 17:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 17:37 - 2014-04-15 10:12 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Adobe
2014-12-10 22:33 - 2014-05-10 21:56 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-10 22:30 - 2014-08-16 22:03 - 00000000 ____D () C:\Users\Broken Cue\Desktop\Alte Firefox-Daten
2014-12-09 18:22 - 2013-05-18 18:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-12-09 17:44 - 2013-02-10 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 08:32 - 2014-07-31 20:04 - 00024932 _____ () C:\Users\Oliver\Downloads\Addition.txt
2014-12-09 08:32 - 2014-07-31 20:03 - 00038741 _____ () C:\Users\Oliver\Downloads\FRST.txt
2014-12-09 07:58 - 2014-08-24 14:34 - 00000000 ____D () C:\Program Files\Google
2014-12-09 07:58 - 2013-02-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-09 07:57 - 2013-08-06 21:53 - 00001009 _____ () C:\Users\Admin_OT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-08 20:29 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-08 20:14 - 2014-08-07 16:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 20:14 - 2014-08-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 20:14 - 2013-09-12 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2013-11-24 00:12 - 00000000 ____D () C:\Users\Gast1
2014-12-08 18:54 - 2014-05-11 17:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 17:47 - 2014-08-24 14:33 - 00000000 ____D () C:\ProgramData\Google
2014-12-08 17:47 - 2013-11-02 18:17 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Google
2014-12-07 22:04 - 2014-09-07 18:36 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Google
2014-12-07 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-07 00:36 - 2014-05-11 17:36 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-07 00:36 - 2014-05-11 17:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 19:10 - 2013-11-23 13:54 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\Google
2014-12-06 19:08 - 2014-08-30 14:05 - 00000000 ____D () C:\Users\Admin_OT\AppData\Local\com
2014-11-26 22:40 - 2013-06-20 15:14 - 00000921 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-11-21 06:14 - 2014-05-11 17:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-11 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 20:51 - 2013-07-26 12:30 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\CoreFTP
2014-11-18 18:23 - 2013-07-04 22:18 - 00000000 ____D () C:\Users\Admin_OT
2014-11-16 13:13 - 2013-05-20 13:00 - 00319064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 03:00 - 2014-04-15 16:54 - 00000000 ____D () C:\Users\Broken Cue\AppData\Roaming\gnupg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 00:59

==================== End Of Log ============================
         

No ad windows are appearing at the moment.

Alt 16.12.2014, 20:09   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the checkbox in front of every function.
    • Click Start.
    • Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
