Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 7: Schwarzbildschirm nach Start des Computers

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.02.2015, 00:11   #1
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Icon30

Win 7: Schwarzbildschirm nach Start des Computers



Hallo zusammen,
Mein PC lässt sich seit ein paar Monaten nach dem Start und der Kennworteingabe nicht mehr richtig steuern, da, anstatt dem Desktop nur noch ein Blackscreen zusehen ist...
Als Fehlermeldung erscheint dann: Windows Explorer funktioniert nicht mehr!
Task Manager lässt sich allerdings weiterhin problemlos öffnen und auch davor schien alles ok zu sein.
Außerdem erscheint eine Nachicht, in der steht, dass der Log des Absturzberichtes gespeichert worden sei.
Hier ist er:
Code:
ATTFilter
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
CRITICAL:root:Bootstrap - unhandled error
Traceback (most recent call last):
  File "framework\bootstrap.pyo", line 55, in bootstrap_exe
  File "framework\bootstrap.pyo", line 20, in bootstrap_common
IOError: [Errno 2] No such file or directory: 'nul'
         
Außerdem ist mein PC schon sehr lange mit Werbung verseucht, sodass man, selbst im abgesicherten Modus, nicht mehr richtig im Internet arbeiten kann

Was soll ich tun?

Hier sind die Dateien:
FRST.txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Emily (administrator) on EMILY-PC on 06-02-2015 22:33:44
Running from C:\Users\Emily\Desktop
Loaded Profiles: Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683456 2013-01-16] (Bandoo Media Inc)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1719944 2013-04-01] (Ask)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [96303304 2014-08-15] (Microsoft Corporation)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKLM\...\Run: [fst_de_122] => [X]
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Google Update] => "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Yontoo Desktop] => C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [AqjiJzed] => regsvr32.exe "C:\ProgramData\AqjiJzed\AqjiJzed.dat"
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Agenlywuybugfyv] => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe [309950 2011-11-13] (Meskisift Corporatien)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-16] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-08-22] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files\searchprotect\searchprotect\bin\spvc32loader.dll [187328 2014-08-06] (Client Connect LTD)
AppInit_DLLs:  c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll => c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll File Not Found
AppInit_DLLs:  c:\progra~1\suppor~1\suppor~1.dll => c:\Program Files\Supporter\Supporter.dll [4312064 2014-08-12] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.calcitapp.info/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DB5647D9A3684441AA70332AE49C6722 URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {4EEBDE03-4A52-43BC-A88B-B93E1A516942} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=^8Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=cabddbfa-b761-46ae-9501-77a247c4e860&apn_sauid=A0B9820A-406E-4682-A081-17EC3CD212F6
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: Plus-HD-1.3 -> {11111111-1111-1111-1111-110311121157} -> C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
BHO: Browsers Apps -> {11111111-1111-1111-1111-110611171187} -> C:\Program Files\Browsers Apps\Browsers Apps-bho.dll (app)
BHO: Speed Analysis 2 -> {18DBB6CE-3148-4FEC-B481-103CB3290427} -> C:\Program Files\Speed Analysis 2\ScriptHost.dll (SpeedAnalysis.com)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: RegULArDeeaals -> {A63F6A27-6960-FFE7-5313-A90C10BAD43D} -> C:\ProgramData\RegULArDeeaals\2Ki.dll ()
BHO: Zula Games -> {A9337080-7CBF-4E3E-80C1-3867BEDD88E0} -> C:\Program Files\Zula Games\ScriptHost.dll (ZulaGames.com)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
BHO: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
BHO: cosstminn -> {F0957C89-1479-61BB-1BCF-C64ED7C8EDC8} -> C:\Program Files\cosstminn\Znza9uVUEX.dll ()
BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
BHO: PricePeep -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll No File
BHO: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\.DEFAULT -> VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384535333&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Plus-HD-1.3 - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-08-12]
FF Extension: Fast Start - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\faststartff@gmail.com [2014-08-04]
FF Extension: Delta Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ffxtlbr@delta.com [2013-09-25]
FF Extension: Browsers App - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\herman.thorne45@outlook.com [2014-08-04]
FF Extension: RegulaRDeaals - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ii.obkb@m-dlr.com [2014-08-19]
FF Extension: cosstminn - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com [2014-08-12]
FF Extension: No Name - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com [2013-11-15]
FF Extension: shortcut - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\shortcutff@gmail.com [2014-08-04]
FF Extension: VirtualDJ Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com [2013-05-05]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2014-08-22]
FF Extension: Search-Results Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-01]
FF Extension: Iminent - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi [2014-08-12]
FF Extension: superfish - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\jid1-tce47bzfSrBDXQ@jetpack.xpi [2014-08-15]
FF Extension: PricePeep - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-11-05]
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\shortcutff@gmail.com
FF HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Re-\x6d\x61rkit) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2013-11-15]
CHR Extension: (cosstminn) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh [2014-08-12]
CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg [2014-08-04]
CHR Extension: (Plus-HD-1.3) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl [2013-11-15]
CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-09-28]
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Emily\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx [2013-06-11]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Emily\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-25]
CHR HKLM\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Emily\AppData\Roaming\zulagames\zulagames.crx [2013-07-01]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 40030ae4; c:\Program Files\Supporter\SupporterSvc.dll [174416 2014-08-12] () [File not signed]
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals)
S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-04] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-04] (globalUpdate) [File not signed]
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
S2 NewVideoPlayerUpdaterService; C:\Program Files\NewPlayer\NewVideoPlayerUpdaterService.exe [11776 2014-08-12] () [File not signed]
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
S2 scores; C:\Windows\score.exe [4816384 2014-07-30] () [File not signed]
S2 servervo; C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-04] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S2 Yontoo Desktop Updater; C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech                  )
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 22:33 - 2015-02-06 22:34 - 00026227 _____ () C:\Users\Emily\Desktop\FRST.txt
2015-02-06 22:33 - 2015-02-06 22:33 - 00000000 ____D () C:\FRST
2015-02-06 22:32 - 2015-02-06 22:33 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme
2015-02-06 22:31 - 2015-02-06 22:31 - 01123328 _____ (Farbar) C:\Users\Emily\Desktop\FRST.exe
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable
2015-02-06 22:01 - 2015-02-06 22:01 - 00000000 ____D () C:\Program Files\WaIntEnhance
2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8
2015-02-06 20:07 - 2015-02-06 20:07 - 00000000 ____D () C:\ProgramData\Systweak
2015-02-06 19:58 - 2015-02-06 22:32 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme
2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:52 - 2015-02-06 19:52 - 00006576 ____N () C:\bootsqm.dat
2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 __SHD () C:\found.000
2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}
2015-02-06 19:45 - 2015-02-06 19:45 - 00000000 ____D () C:\Users\Emily\AppData\Local\SearchProtect
2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 22:58 - 2014-09-05 14:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\InetStat
2015-02-06 22:58 - 2014-08-22 20:56 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-06 22:58 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie
2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\Program Files\PepperZip
2015-02-06 22:58 - 2014-06-13 21:40 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\337Games
2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0
2015-02-06 22:58 - 2013-11-15 18:21 - 00000000 ____D () C:\Program Files\Plus-HD-1.3
2015-02-06 22:58 - 2013-11-15 18:08 - 00000000 ____D () C:\Program Files\PricePeep
2015-02-06 22:58 - 2013-11-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2015-02-06 22:58 - 2013-11-15 17:19 - 00000000 ____D () C:\Program Files\Advanced System Protector
2015-02-06 22:58 - 2013-09-28 14:19 - 00000000 ____D () C:\Program Files\BonanzaDeals
2015-02-06 22:58 - 2013-09-25 16:39 - 00000000 ____D () C:\Program Files\77zip
2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft
2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-02-06 22:58 - 2013-02-25 14:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Yontoo
2015-02-06 22:58 - 2013-02-25 14:01 - 00000000 ____D () C:\Program Files\Yontoo
2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie
2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-06 22:57 - 2013-11-15 17:18 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Systweak
2015-02-06 22:54 - 2014-08-12 10:57 - 00000000 ____D () C:\Program Files\SearchProtect
2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills
2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend
2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media
2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 __RHD () C:\MSOCache
2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios
2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack
2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily
2015-02-06 22:19 - 2011-04-28 20:27 - 01617496 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 22:06 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 22:05 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox
2015-02-06 22:02 - 2010-07-07 19:31 - 00045218 _____ () C:\Windows\PFRO.log
2015-02-06 22:00 - 2014-08-19 19:21 - 00000802 _____ () C:\Windows\Tasks\Security Center Update - 2034009945.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00003110 _____ () C:\Windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00002066 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00001582 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00001360 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job
2015-02-06 22:00 - 2014-08-04 10:04 - 00001284 _____ () C:\Windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job
2015-02-06 22:00 - 2014-08-04 10:03 - 00003792 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job
2015-02-06 22:00 - 2014-08-04 10:03 - 00003110 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job
2015-02-06 22:00 - 2014-08-04 10:03 - 00000874 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-06 22:00 - 2014-05-02 15:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-02-06 22:00 - 2013-11-15 18:24 - 00001284 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job
2015-02-06 22:00 - 2013-11-15 18:24 - 00001086 _____ () C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2015-02-06 22:00 - 2013-11-15 18:23 - 00001186 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2015-02-06 22:00 - 2013-11-15 18:22 - 00001882 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2015-02-06 22:00 - 2013-11-15 18:22 - 00001806 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2015-02-06 22:00 - 2013-11-15 18:22 - 00000328 _____ () C:\Windows\Tasks\dsmonitor.job
2015-02-06 22:00 - 2013-09-28 14:20 - 00000908 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2015-02-06 22:00 - 2013-02-02 17:32 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 21:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 21:59 - 2009-07-14 05:39 - 00088866 _____ () C:\Windows\setupact.log
2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp

==================== Files in the root of some directories =======

2014-08-04 11:14 - 2014-08-04 11:14 - 0000314 _____ () C:\Users\Emily\AppData\Roaming\aps.uninstall.scan.results
2013-09-25 16:37 - 2013-09-25 16:36 - 0030894 _____ () C:\Users\Emily\AppData\Roaming\speedanalysis.ico
2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png
2013-09-28 16:08 - 2014-08-22 21:24 - 0000182 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT
2014-08-04 11:12 - 2014-08-04 11:12 - 0590952 _____ (ClickMeIn Limited) C:\Users\Emily\AppData\Local\nst139B.tmp
2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

Some content of TEMP:
====================
C:\Users\Emily\AppData\Local\Temp\ApnStub.exe
C:\Users\Emily\AppData\Local\Temp\BackupSetup.exe
C:\Users\Emily\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Emily\AppData\Local\Temp\dlLogic.exe
C:\Users\Emily\AppData\Local\Temp\dltr.exe
C:\Users\Emily\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Emily\AppData\Local\Temp\GCVerifier.dll
C:\Users\Emily\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Emily\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Emily\AppData\Local\Temp\nsc6C7C.exe
C:\Users\Emily\AppData\Local\Temp\nshD350.exe
C:\Users\Emily\AppData\Local\Temp\nsmCDF2.exe
C:\Users\Emily\AppData\Local\Temp\nsx718C.exe
C:\Users\Emily\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Emily\AppData\Local\Temp\propsys.dll
C:\Users\Emily\AppData\Local\Temp\rmktmps.exe
C:\Users\Emily\AppData\Local\Temp\Setup.exe
C:\Users\Emily\AppData\Local\Temp\Setup_V2.exe
C:\Users\Emily\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Emily\AppData\Local\Temp\UpdateFlashPlayer_3c1d8f9f.exe
C:\Users\Emily\AppData\Local\Temp\verifier.exe
C:\Users\Emily\AppData\Local\Temp\_is2664.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 06:23

==================== End Of Log ============================
         
Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015
Ran by Emily at 2015-02-06 22:34:30
Running from C:\Users\Emily\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

337 GAMES (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\337Games) (Version: 1.1.1.0 - ) <==== ATTENTION
77zip (HKLM\...\77zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Advanced System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12150 - Systweak Software) <==== ATTENTION
Angry Birds Rio (HKLM\...\{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}) (Version: 1.4.2 - Rovio)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.6.0 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Bonanza Deals (remove only) (HKLM\...\Bonanza Deals) (Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browsers Apps (HKLM\...\Browsers Apps) (Version: 1.34.7.29 - app) <==== ATTENTION
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
cosstminn (HKLM\...\{CE681A67-9477-CBE6-EB9D-FE534875F98D}) (Version: 2.0.0.1476 - cosstminn) <==== ATTENTION
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
Disney Rapunzel (HKLM\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios)
DriverScanner (HKLM\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.11.2 - Uniblue Systems Ltd)
EG21 Vokabelkartei interaktiv 1 (HKLM\...\{A036DB99-B62F-4110-8D87-9DF0D6DC4022}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
EG21 Vokabelkartei interaktiv 2 (HKLM\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Euro Truck Simulator 2 (HKLM\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.2 - SCS Software)
Fessie 1.01 (HKLM\...\Fessie) (Version: 1.01 - Connecta AG)
Globy (HKLM\...\Globy) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HyperBalloidCE (HKLM\...\HyperBalloidCE) (Version:  - )
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2466 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
LEGO Schach (HKLM\...\LegoChessDeInstKey) (Version:  - )
Lernspaß 4 (HKLM\...\{F932A61A-4FAD-4390-8163-AB50F5FDE61B}) (Version: 1.00.0000 - Terzio Verlag)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Monster Training Einmaleins (HKLM\...\{5F87EF36-A373-11D5-AA2E-0008C760B784}) (Version:  - )
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mysteryville 2 (HKLM\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.2.7 - ) <==== ATTENTION
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
Ottifanten Ostfriesen Lemminge in Not (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Ottifanten Ostfriesen Lemminge in Not) (Version: V1.000000 - )
Pearl Poppers (HKLM\...\Pearl Poppers) (Version:  - )
PepperZip 1.0 (HKLM\...\PepperZip) (Version: 1.0 - PepperWare Co.) <==== ATTENTION
Plus-HD-1.3 (HKLM\...\Plus-HD-1.3) (Version: 1.30.153.0 - Plus HD) <==== ATTENTION
PricePeep (HKLM\...\PricePeep) (Version: 2.2.0.4 - betwikx LLC) <==== ATTENTION
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
RegULArDeeaals (HKLM\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version:  - RegularDealS) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Search Protect (HKLM\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION
Search-Results Toolbar (HKLM\...\ilividtoolbarguid) (Version: 1.0.0.12 - APN LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speed Analysis 2 (HKLM\...\Speed Analysis 2) (Version: 1.0.0.3 - SpeedAnalysis.com) <==== ATTENTION
Supporter 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}) (Version:  - Costmin) <==== ATTENTION
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Great Mahjongg (HKLM\...\The Great Mahjongg) (Version:  - )
TV Jukebox 3.0 (HKLM\...\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}) (Version: 3.00.000 - Meta Media Inc)
Update for Zip Extractor (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\DigitalSite) (Version:  - ) <==== ATTENTION
Versteckt - Entdeckt! Fantasy (HKLM\...\{FD2A02A5-C285-11DC-AA69-00E07DDCAF19}) (Version: 1.00.0000 - Terzio Verlag)
VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VirtualDJ Toolbar Updater (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.3.42067 - Ask.com) <==== ATTENTION
Vokabelkartei interaktiv À plus! 1 (HKLM\...\{C7BD31A9-B17E-4125-8AE6-217C1FF8BE10}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
webssearches uninstall (HKLM\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )
Yontoo 2.04 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.04 - Yontoo LLC) <==== ATTENTION
Zip Extractor Packages (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zula Games (HKLM\...\Zula Games) (Version: 1.0.0.5 - ZulaGames.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

19-08-2014 19:55:43 Windows 7 Service Pack 1
22-08-2014 20:54:00 Windows Update
30-08-2014 06:09:18 Windows Update
03-09-2014 19:17:15 Windows Update
05-09-2014 14:04:45 Windows Update
19-09-2014 18:19:09 Windows Update
19-09-2014 22:36:23 Windows Update
04-11-2014 12:39:28 Windows Update
06-02-2015 21:19:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {091F344D-E5A6-40D2-B9C6-98AD2E6CDC50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001UA => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0F79F89E-AB7B-4427-A5D0-E526E854BC0E} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28] (BonanzaDeals) <==== ATTENTION
Task: {13807DC3-5338-4132-84C1-05A3EB4BE663} - System32\Tasks\{E0FF7EA4-B9D4-41E6-AD9E-7E276684870D} => Firefox.exe 
Task: {1919DD8E-F94C-486F-AC20-F6742C9F48B1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04] (globalUpdate) <==== ATTENTION
Task: {1AE39EE7-D956-47D8-8B8F-99545773C4EF} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04] (app) <==== ATTENTION
Task: {1EA54341-B93F-48CB-B4D7-23B742295B26} - System32\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9 => C:\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe [2014-08-04] (app) <==== ATTENTION
Task: {2556386A-FF62-4252-89C3-77993D968A45} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {2A766783-D4C0-444E-8728-5117E59D3084} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {31980257-7A9E-4F7B-9C20-994AAD950AC7} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-15] (Plus HD) <==== ATTENTION
Task: {31F7DA48-CCA9-463C-90DC-C85A98190360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {35B0D312-4D59-4C8C-976E-7C0D5D88EBD0} - System32\Tasks\{1FD47CF6-8F71-479D-99D6-0872FB2552A0} => Firefox.exe 
Task: {3EE67D8C-8256-43D8-92E4-B85AEBBA367B} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {40745BDD-34A3-490C-A3F3-F5DCDD570AEE} - System32\Tasks\DigitalSite => C:\Users\Emily\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {48953138-6F84-4657-937E-E7C0BA169CC1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {519CF277-3303-4F04-B973-BE1753D8D53C} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04] (app) <==== ATTENTION
Task: {5362DDBA-8336-41A8-A765-D0A3400AF97A} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe [2014-08-04] (app) <==== ATTENTION
Task: {56EB955E-960D-436E-B20E-E9948070B426} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {733E8250-2532-4C70-A3DF-36E8FC0F1605} - System32\Tasks\{7A1D3718-8647-4D69-A2DC-E4EE9D091E84} => pcalua.exe -a C:\Windows\unin0407.exe -c -f"C:\Program Files\LEGO Media\Games\LEGO Schach\DeIsL1.isu"
Task: {74594B69-0BB8-44EE-B890-2AFA1E305251} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28] (BonanzaDeals) <==== ATTENTION
Task: {78A1D2FF-F98C-4648-B66E-41A929EFAE5C} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-15] (Plus HD) <==== ATTENTION
Task: {9090C07D-BB56-4A88-92F1-C0BCC695987C} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-15] (Plus HD) <==== ATTENTION
Task: {93EB4661-9979-4763-B502-0694248682D0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04] (globalUpdate) <==== ATTENTION
Task: {AD8B97EB-5D18-47A3-9608-AE6F9C54971E} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04] (app) <==== ATTENTION
Task: {AFB3CE8F-EF27-4816-BAC2-B7CDC755D0BB} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-15] (Plus HD) <==== ATTENTION
Task: {B9410FCF-FACF-4ECF-AF3B-F3D70AA17553} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {BABD4B37-739E-42B0-B90E-FA69521B1035} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-15] (Plus HD) <==== ATTENTION
Task: {BBE5EF2B-A1B8-4A66-AEDF-030CEC110FD8} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe [2014-08-04] (app) <==== ATTENTION
Task: {C608BD0D-3ABC-4E57-8A2B-65D8E95EF791} - System32\Tasks\{1FAF4A1B-0C2D-4ABB-812E-78E6585C27EC} => Firefox.exe 
Task: {C676B7DD-EFDF-4F04-805D-70D9DF6023B9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-01] () <==== ATTENTION
Task: {C6E7652E-26B9-4F11-B691-D47C016E3724} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3 => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe [2014-08-04] (app) <==== ATTENTION
Task: {D442CA26-6A70-44F9-B2E8-1471DF52FCB6} - System32\Tasks\EPUpdater => C:\Users\Emily\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: {D57D3D7C-7D67-40C6-A94B-332BCA38E78A} - System32\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1 => C:\Program Files\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-04] (app) <==== ATTENTION
Task: {D5F6E2C0-B410-40F2-A544-0698068D997D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001Core => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D7E26F09-6232-4118-9E4E-B5DE84C39FA4} - System32\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04] (app) <==== ATTENTION
Task: {E72A77BE-4287-42F5-99C8-E487200CA702} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EAF3D1B9-45CE-4275-8D98-DCDA8F3697FF} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2013-10-16] (Uniblue Systems Ltd)
Task: {ED4B58D8-34A2-45DB-A477-850F21DCE080} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2013-10-04] (Systweak) <==== ATTENTION
Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe [2011-11-13] (Meskisift Corporatien) <==== ATTENTION
Task: {FAC5AEDC-E380-4246-8289-273225370801} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job => C:\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe <==== ATTENTION
Task: C:\Windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job => C:\Program Files\Browsers Apps\Browsers Apps-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job => C:\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Emily\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001Core.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001UA.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2034009945.job => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-07-16 18:30 - 2014-07-16 18:31 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2221341230-3600195835-1468495209-500 - Administrator - Disabled)
Emily (S-1-5-21-2221341230-3600195835-1468495209-1001 - Administrator - Enabled) => C:\Users\Emily
Gast (S-1-5-21-2221341230-3600195835-1468495209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2221341230-3600195835-1468495209-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2221341230-3600195835-1468495209-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 10:00:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051f45
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/06/2015 10:49:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (02/06/2015 10:49:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (02/06/2015 09:36:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051f45
ID des fehlerhaften Prozesses: 0xb54
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/06/2015 08:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051f45
ID des fehlerhaften Prozesses: 0xa74
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/06/2015 07:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051f45
ID des fehlerhaften Prozesses: 0xaa4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/05/2015 09:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051f45
ID des fehlerhaften Prozesses: 0xc94
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/05/2015 09:07:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Wajam; Fehler = 0x8007043c).

Error: (02/05/2015 09:05:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - InetStat; Fehler = 0x8007043c).

Error: (02/05/2015 09:00:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Ottifanten Ostfriesen Lemminge in Not; Fehler = 0x8007043c).


System errors:
=============
Error: (02/06/2015 10:32:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:32:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:32:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:31:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (02/06/2015 10:31:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/06/2015 10:30:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (02/06/2015 10:00:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45b3401d0424fea0dd4a1C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll298ced37-ae43-11e4-9520-00262dc151e5

Error: (02/06/2015 10:49:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (02/06/2015 10:49:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (02/06/2015 09:36:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45b5401d0424c93b9c23eC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlld47a3499-ae3f-11e4-a491-e6ac53c89d7f

Error: (02/06/2015 08:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45a7401d042401904f7a6C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll5b19cec8-ae33-11e4-b855-d7e86dfa4961

Error: (02/06/2015 07:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45aa401d0423d0ed535a5C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll5d433033-ae30-11e4-9adf-00262dc151e5

Error: (02/05/2015 09:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500051f45c9401d0417fc6093671C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll05fa9114-ad73-11e4-83aa-00262dc151e5

Error: (02/05/2015 09:07:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - Wajam0x8007043c

Error: (02/05/2015 09:05:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - InetStat0x8007043c

Error: (02/05/2015 09:00:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - Ottifanten Ostfriesen Lemminge in Not0x8007043c


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3253.42 MB
Available physical RAM: 1652.7 MB
Total Pagefile: 6505.12 MB
Available Pagefile: 4934.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.17 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:507.88 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:9.61 GB) NTFS
Drive e: (22 Jul 2014) (CDROM) (Total:4.38 GB) (Free:2.51 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
und gmer.txt:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-06 22:48:01
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Emily\AppData\Local\Temp\kwdoapod.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                          8228F829 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             822B4132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.reloc          C:\Windows\system32\drivers\acehlp10.sys                                                           section is executable [0x8DD89B80, 0x380E2, 0xE0000060]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[1308] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F  76FCC0A7 7 Bytes  JMP 6AB784D6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1308] kernel32.dll!CloseHandle + 38                   76FD05CF 7 Bytes  JMP 6AB784F9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1308] kernel32.dll!GetExitCodeProcess + 2C            76FD311D 7 Bytes  JMP 6A1F3A32 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1308] USER32.dll!GetWindowInfo                        75506A82 5 Bytes  JMP 6A91141D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1308] GDI32.dll!GetViewportOrgEx + 21C                76CE85EB 7 Bytes  JMP 6AB78457 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                 [8B090600] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {JMP 0xf5b0675a}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                      [8B090600] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {JMP 0xf5b0675a}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                      [8B090600] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {JMP 0xf5b0675a}

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                              unknown MBR code

---- Files - GMER 2.1 ----

File            C:\Windows\system32\drivers\iaStor.sys                                                             suspicious modification

---- EOF - GMER 2.1 ----
         
Ich würde mich freuen, wenn ihr eine Lösung für mich habt !
Vielen dank für die Mühe
LG Nailimixam

Alt 07.02.2015, 01:02   #2
sunjojo
/// Malwareteam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hallo Nailimixam,

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:
Regeln zum Ablauf der Bereinigung
  • Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
  • Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
    • Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
  • Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).
  • Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.
  • Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
    • Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.
Hinweis
  • Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus.

Dann fangen wir mal an . Ich hab das jetzt so verstanden, dass du nicht im normalen Modus arbeiten kannst. Wenn das so ist, führe bitte die nächsten Schritte im Abgesicherten Modus mit Netzwerktreibern aus.


Schritt 1
Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.
  • Führe die mbrmastr.exe aus.
  • Drücke dann auf Backup MBR und speichere es als emsi auf den Desktop.
  • Schliesse dann das Programm wieder.
  • Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
  • Auf dem Desktop wird auch noch eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste deren Inhalt bitte hier.

Schritt 2
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Poste folgende Logfiles in deiner nächsten Antwort:
  • MBRMastr_<date>_<time>.txt
  • Combofix.txt
__________________

__________________

Geändert von sunjojo (07.02.2015 um 01:30 Uhr)

Alt 07.02.2015, 13:19   #3
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hallo Jonas,
Hab nun beides ausgeführt, beim ersten Programm (Emsisoft MBR Master) kam jedoch beim Ausführen des Programmes folgende Fehlermeldung:
Could not create driver service (Error code:1073)

Hier ist das Logfile von Combofix (1/2):
Code:
ATTFilter
ComboFix 15-02-02.01 - Emily 07.02.2015  11:38:28.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3253.2144 [GMT 1:00]
ausgeführt von:: c:\users\Emily\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\NewPlayer
c:\program files\NewPlayer\AddOn\ChromeAddon\contentscript.js
c:\program files\NewPlayer\AddOn\ChromeAddon\manifest.json
c:\program files\NewPlayer\AddOn\ChromeAddon\script.js
c:\program files\NewPlayer\AddOn\Thumbs.db
c:\program files\NewPlayer\AddonNP.exe
c:\program files\NewPlayer\dotNetFx40_Full_setup.exe
c:\program files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\contentscript.js
c:\program files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json
c:\program files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js
c:\program files\NewPlayer\FrameworkControl.exe
c:\program files\NewPlayer\icon.ico
c:\program files\NewPlayer\jid1-tce47bzfSrBDXQ@jetpack.xpi
c:\program files\NewPlayer\Languages\Arabic.ini
c:\program files\NewPlayer\Languages\Bulgarian.ini
c:\program files\NewPlayer\Languages\Catalan.ini
c:\program files\NewPlayer\Languages\ChineseS.ini
c:\program files\NewPlayer\Languages\ChineseT.ini
c:\program files\NewPlayer\Languages\Czech.ini
c:\program files\NewPlayer\Languages\Danish.ini
c:\program files\NewPlayer\Languages\Dutch.ini
c:\program files\NewPlayer\Languages\English.ini
c:\program files\NewPlayer\Languages\Estonian.ini
c:\program files\NewPlayer\Languages\Finnish.ini
c:\program files\NewPlayer\Languages\French.ini
c:\program files\NewPlayer\Languages\German.ini
c:\program files\NewPlayer\Languages\Greek.ini
c:\program files\NewPlayer\Languages\HaitianCreole.ini
c:\program files\NewPlayer\Languages\Hebrew.ini
c:\program files\NewPlayer\Languages\Hindi.ini
c:\program files\NewPlayer\Languages\Hungarian.ini
c:\program files\NewPlayer\Languages\Indonesian.ini
c:\program files\NewPlayer\Languages\Italian.ini
c:\program files\NewPlayer\Languages\Japanese.ini
c:\program files\NewPlayer\Languages\Korean.ini
c:\program files\NewPlayer\Languages\Latvian.ini
c:\program files\NewPlayer\Languages\Lithuanian.ini
c:\program files\NewPlayer\Languages\Norwegian.ini
c:\program files\NewPlayer\Languages\Polish.ini
c:\program files\NewPlayer\Languages\Portuguese.ini
c:\program files\NewPlayer\Languages\Romanian.ini
c:\program files\NewPlayer\Languages\Russian.ini
c:\program files\NewPlayer\Languages\Slovak.ini
c:\program files\NewPlayer\Languages\Slovenian.ini
c:\program files\NewPlayer\Languages\Spanish.ini
c:\program files\NewPlayer\Languages\Swedish.ini
c:\program files\NewPlayer\Languages\Thai.ini
c:\program files\NewPlayer\Languages\Turkish.ini
c:\program files\NewPlayer\Languages\Ukrainian.ini
c:\program files\NewPlayer\Languages\Vietnamese.ini
c:\program files\NewPlayer\LTV2.exe
c:\program files\NewPlayer\NewPlayer.uidnum
c:\program files\NewPlayer\NewPlayerUpdate.xml
c:\program files\NewPlayer\Newtonsoft.Json.dll
c:\program files\NewPlayer\NewVideoPlayer.exe
c:\program files\NewPlayer\NewVideoPlayerUpdater.exe
c:\program files\NewPlayer\NewVideoPlayerUpdaterService.exe
c:\program files\NewPlayer\NewVideoPlayerUpdaterService.InstallLog
c:\program files\NewPlayer\NewVideoPlayerUpdaterService.InstallState
c:\program files\NewPlayer\PhotoLoader.dll
c:\program files\NewPlayer\policy.2.0.taglib-sharp.config
c:\program files\NewPlayer\policy.2.0.taglib-sharp.dll
c:\program files\NewPlayer\references\extaudio.png
c:\program files\NewPlayer\references\extvideo.png
c:\program files\NewPlayer\references\ffmpeg.exe
c:\program files\NewPlayer\references\folder.png
c:\program files\NewPlayer\references\Interop.SHDocVw.dll
c:\program files\NewPlayer\references\libreria.png
c:\program files\NewPlayer\references\NDde.dll
c:\program files\NewPlayer\references\NewPlayerChecker.exe
c:\program files\NewPlayer\references\Newtonsoft.Json.dll
c:\program files\NewPlayer\references\PhotoLoader.dll
c:\program files\NewPlayer\references\policy.2.0.taglib-sharp.config
c:\program files\NewPlayer\references\policy.2.0.taglib-sharp.dll
c:\program files\NewPlayer\references\taglib-sharp.dll
c:\program files\NewPlayer\references\Thumbs.db
c:\program files\NewPlayer\taglib-sharp.dll
c:\program files\NewPlayer\uninstall.exe
c:\program files\NewPlayer\uninstall.log
c:\program files\NewPlayer\UninstallAddons.exe
c:\program files\NewPlayer\Windows\icon-play.ico
c:\program files\NewPlayer\Windows\ifishplayer-icon.ico
c:\program files\NewPlayer\Windows\Thumbs.db
c:\program files\PricePeep
c:\program files\PricePeep\installer.ico
c:\program files\PricePeep\prICepeep.dll
c:\program files\PricePeep\uninstall.exe
c:\program files\PricePeep\unutil.exe
c:\program files\Probit Software\Easy Speed PC
c:\program files\Probit Software\Easy Speed PC\ESPCSmartScan.exe
c:\program files\Search Results Toolbar\Datamngr
c:\program files\Search Results Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Search Results Toolbar\Datamngr\datamngr.dll
c:\program files\Search Results Toolbar\Datamngr\datamngrUI.exe
c:\program files\Search Results Toolbar\Datamngr\DnsBHO.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF16.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF17.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF18.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\RequestPreserver.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Search Results Toolbar\Datamngr\IEBHO.dll
c:\program files\Search Results Toolbar\Datamngr\installhelper.dll
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\as_guid.dat
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\custom.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\about.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\custom.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxpanel.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxpanelwin.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxprefwin.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxwin.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\external.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\neterror.xhtml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\rsspreview.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\rsswin.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\rsswin.xsl
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\wmpstreamer.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\modules\datastore.jsm
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\modules\nsDragAndDrop.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\neterror.xhtml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\preferences.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\template.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\toolbar.htm
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\toolbar.xul
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\vmncode.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\vmnrsswin.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_icon.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconFF.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressed.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressedFF.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_pref_icon.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs\tb_thumb_icon.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.jsw
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.jsww
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-ico.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\widget.jsw
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\search\engines.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\search\search.xsl
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\weather\icons.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\lib\en.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\locale.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\de.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\en.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\es.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\fr.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\it.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\blip.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\bluelite.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\bluesky.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-search-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-search.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-settings-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-settings.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-widgets-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-widgets.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn_settings.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\custom.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\dailymotion.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\divider.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\ebay.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\facebook.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\find-videos.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\grey.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\icon_games.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\images.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\add.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\alexabutton.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\aol.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-dn.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-right.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-up.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-divider.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-end.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-start.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-end.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-start.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\blank.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btn-widgets-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btn-widgets.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btn_slider.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnback-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnback-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnleft-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnright-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnright-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\button-splitter-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\button-splitter.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\checkmark.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\chevron.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\collapse.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar\debug.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\dtx-test.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\dtx.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\edit-back-hot.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\edit-back.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\expand.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\found.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\gmail.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_blue.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_cyan.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_lime.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_magenta.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_yellow.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\hotmail.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\imap.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\launchers.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\loadingMid.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\lock.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\logo-separator.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\mailcom.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menu_bg-basic.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menu_separator_bar.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menu_separator_white.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitem-splitter.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemback-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemleft.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemright-vista.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\minus.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\modify.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\move.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\movetarget.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\panels.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\default.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\main.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\main.html.bak
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts\defscript.js.bak
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\footer.htm
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gameData.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gameList.xsl
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gametype.xsl
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\throbber.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\widgets.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\initHTML.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\popupGames.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\popupHTML.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\scroll.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\plus.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\pop.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\radio.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\reload.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\remove.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rename.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\resize-box.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rss.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rsschannelback.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\RSSLogo.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rsstabdivider.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\scroll-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\scroll-right.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\search-go.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\search.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\separator.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\text-ellipsis.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\throbber.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\transparent_1px.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_02.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_03.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_04.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_06.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_07.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_08.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_09.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_10.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_11.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_12.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_13.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_14.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_15.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_16.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_18.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_19.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_20.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_21.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\close-hot.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\close-normal.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\paneltemplate.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\proxy.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\template.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\template.html.bak
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\template.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\templateFF.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\throbber.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\yahoo.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lichen.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-about.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-separator.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\menuseparatorback.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\metacafe.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modify-save.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modify.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modifyhot.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\namespacetoolbar.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options-search.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-main.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-search.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-weather.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-weather.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-widgets.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\orange.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\search-over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\search_icon.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\setting_stb_16x.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings_stb_19x.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings_stb_19x_over.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-bluelite.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-bluesky.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-grey.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-lichen.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-orange.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-yellow.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\sv.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\throbber.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\toolbarsplitter.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\TRUSTe_about.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\tv.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\twitter.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\veoh.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\video.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\vimeo.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\vmn.css
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\web.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\websearch.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\yellow.gif
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\youtube.png
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\components\windowmediator.js
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\install.ico
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\manifest.xml
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultstb.dll
c:\program files\Search Results Toolbar\Datamngr\SRTOOL~1\uninstall.exe
c:\program files\SearchProtect
c:\program files\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files\Speed Analysis 2\ScRIpthost.dll
c:\program files\SupTab\SuPTab.dll
c:\program files\Zula Games\ScRIpthost.dll
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\background.html
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\crossriderManifest.json
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\manifest.xml
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins.json
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\1_base.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\102_dealply_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\103_intext_5_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\105_corticas_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\108_icm_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\119_similar_web_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\120_luck_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\138_getdeal_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\17_jQuery.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\21_debug.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\22_resources.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\28_initializer.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\47_resources_background.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\64_appApiMessage.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\7_hooks.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\72_appApiValidation.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\userCode\background.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\userCode\extension.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\actions\1.png
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon128.png
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon16.png
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon48.png
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\chrome.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\cookie.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\message.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\pageAction.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\pageActionBG.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\background.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\app_api.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\bg_app_api.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\consts.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\cookie_store.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\crossriderAPI.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\delegate.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\events.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\extensionDataStore.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\installer.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\logFile.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\logging.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\onBGDocumentLoad.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\popupResource\newPopup.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\popupResource\popup.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\reports.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\storageWrapper.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\updateManager.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\util.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\xhr.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\main.js
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\manifest.json
c:\users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\popup.html
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\background.html
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\crossriderManifest.json
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\manifest.xml
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins.json
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\1_base.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\102_dealply_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\103_intext_5_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\105_corticas_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\108_icm_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\119_similar_web_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\120_luck_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\138_getdeal_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\17_jQuery.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\21_debug.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\22_resources.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\28_initializer.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\47_resources_background.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\64_appApiMessage.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\7_hooks.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\72_appApiValidation.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\93_superfish_no_coupons_m.js
         
Der 2. Teil steht in der nächsten Antwort...
LG Nailimixam
__________________

Alt 07.02.2015, 13:20   #4
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Und hier Teil (2/2):
Code:
ATTFilter
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\userCode\background.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\userCode\extension.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\actions\1.png
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon128.png
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon16.png
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\icons\icon48.png
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\chrome.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\cookie.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\message.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\pageAction.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\api\pageActionBG.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\background.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\app_api.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\bg_app_api.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\consts.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\cookie_store.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\crossriderAPI.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\delegate.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\events.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\extensionDataStore.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\installer.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\logFile.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\logging.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\onBGDocumentLoad.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\popupResource\newPopup.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\popupResource\popup.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\reports.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\storageWrapper.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\updateManager.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\util.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\lib\xhr.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\js\main.js
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\manifest.json
c:\users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\popup.html
c:\users\Emily\AppData\Local\newplayer
c:\users\Emily\AppData\Local\newplayer\config\config.ini
c:\users\Emily\AppData\Local\newplayer\log.txt
c:\users\Emily\AppData\Local\nst139B.tmp
c:\users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Emily\AppData\Roaming\.#
c:\users\Emily\AppData\Roaming\.#\MBX@12EC@1A02740.###
c:\users\Emily\AppData\Roaming\.#\MBX@12EC@1A02770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1368@1472740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1368@1472770.###
c:\users\Emily\AppData\Roaming\.#\MBX@15B4@1F2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@15B4@1F2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1730@1452740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1730@1452770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1850@15F2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1850@15F2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1954@1562740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1954@1562770.###
c:\users\Emily\AppData\Roaming\.#\MBX@19C0@1AA2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@19C0@1AA2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1BE4@15B2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1BE4@15B2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1C00@15E2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1C00@15E2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1DF8@15B2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1DF8@15B2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@1E14@6B2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@1E14@6B2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@2048@362740.###
c:\users\Emily\AppData\Roaming\.#\MBX@2048@362770.###
c:\users\Emily\AppData\Roaming\.#\MBX@244@1372740.###
c:\users\Emily\AppData\Roaming\.#\MBX@244@1372770.###
c:\users\Emily\AppData\Roaming\.#\MBX@300@1422740.###
c:\users\Emily\AppData\Roaming\.#\MBX@300@1422770.###
c:\users\Emily\AppData\Roaming\.#\MBX@C84@15C2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@C84@15C2770.###
c:\users\Emily\AppData\Roaming\.#\MBX@DCC@1352740.###
c:\users\Emily\AppData\Roaming\.#\MBX@DCC@1352770.###
c:\users\Emily\AppData\Roaming\.#\MBX@F40@15A2740.###
c:\users\Emily\AppData\Roaming\.#\MBX@F40@15A2770.###
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome.manifest
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\asyncDB.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\background.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\browserAction.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\contextMenu.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dbManager.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dom_bg.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\fileManager.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefox.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxNotifications.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxOmnibox.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\message.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\pageAction.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\request.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\tabs.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\webRequest.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\background.html
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\baseObject.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\browser.xul
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\console.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\consts.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\delegate.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\extensionDataStore.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\folderIOWrapper.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\httpObserver.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\IDBWrapper.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\installer.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\logFile.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\prefs.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\progressListenerObserver.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\registry.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reloadObserver.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reports.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\requestObject.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\searchSettings.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\uninstallObserver.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\updateManager.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\utils.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\xhr.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\dialog.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\main.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.xul
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\search_dialog.xul
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\defaults\preferences\prefs.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\manifest.xml
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins.json
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\1_base.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\102_dealply_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\103_intext_5_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\105_corticas_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\108_icm_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\119_similar_web_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\120_luck_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\138_getdeal_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\17_jQuery.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\182_openUrl.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\207_dbWrapper.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\21_debug.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\22_resources.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\220_icm_base_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\221_icm_downloads_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\223_imonomy_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\226_set_campaign_id_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\242_price_gong_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\244_engageya_inner_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\246_setup.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\259_bpo_intext_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\260_pricedetect_sidebar_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\263_intext_5_j_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\268_stats_ff.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\273_aedgency_back_button_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\28_initializer.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\281_ibario_tier3_pops_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\286_sp_j_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\288_firstoffer_pricecomp_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\289_covus_logos_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\291_adoptmedia_search_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\47_resources_background.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\64_appApiMessage.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\7_hooks.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\72_appApiValidation.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\98_omniCommands.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\background.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\extension.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\install.rdf
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\locale\en-US\translations.dtd
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button1.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button2.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button3.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button4.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button5.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\crossrider_statusbar.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon128.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon16.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon24.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon48.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\panelarrow-up.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\popup.html
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\skin.css
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\update.css
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome.manifest
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\0b0a59f39b765121d2b23d64d252bcf2.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\2218b5de6255590a4a32f9e94dd6a73b.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\2903aebc53ea517db5dc56379c779ac4.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\603b6d3bc1e1cff627631a00cfa3147a.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\02e8d1df80b3580e405e62010962d48b.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\124385b4bf747e83b8d14910f3cb861e.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\18c8143dab5003d5845692d8f860d881.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\20eea9e77a78002ca5bf30a7ca2a70e9.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\23a823d86034424ad35a5cea55c466bf.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\42d82983cc53f17c8598ef4a8de3d5ac.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\63ed2512d397f14c32d3789405307ca1.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\7caab01950356b7ec2e5b4a49238ef81.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\9042f75fc2248a02a06c3bdf0136b68a.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\95976b559db28701c4a68a7bd1073ef3.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\975e57179636e8369b9f992a284bd63b.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\a0978c5425665714001beca8c7523f98.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\a6a82c5fe0578f52a21e15ead189e7d4.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\d565c250a32bc2c2176ded7eeb6f2e0d.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\dcc25e9a5d0da6c8dea4a2b72695c519.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\dcd0a40afe8ce8dabd67fe0c2a918154.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\background.html
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\browser.xul
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\262232c13d2781fc0c2da4443f106fd5.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\3f1151138a3e7e2383ee4b355dc75eed.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\40e6bcaca0d1b8e73651118685171e74.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\40fc532203773e9700ec55fa91607318.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\4495fc266ac5da62a748c79e37105e9a.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\44b064388f283ee9c5cef467a1f90218.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\508a3eb0bf731d29cd83240c9c6b2cf9.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\6574332410eff9b57f1742db5fc3288e.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8881fa3c7fb5d5e2070b1bcd4a4beedf.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8b9f5f3ce1e0787f14bbaed8a2a58e3b.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\92c94d8ed08695ae5b69ad27f590a2df.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\9f18c42aca5631830bdc1758489dc2ee.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\9f6152d7ab4ef7950510f8ff29c2d677.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\a7f1f112add366215e1adb5ef9ad4eb7.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\c5b60ac3faf3b03140c1d485763fced8.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\cdb43505c47a821aa1aaccdb17f9c1dc.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\dca2f50f4c2bee5cb63c8c6851b81cf3.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\dd6b04a3e4fe2e2e8e20fdd5c6be1112.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\edc5aed56c9870dc248af1c6d5e77354.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\f2ba9e82a88949fb1b50283d6d1f6f5c.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\installer.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\dialog.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\f2b6287dd26a44972fe0ff0917cb413b.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\fab77e07a68a42f81e40cbad2abe2063.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\options.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\options.xul
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\search_dialog.xul
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\defaults\preferences\prefs.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\manifest.xml
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins.json
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\1.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\102.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\104.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\13.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\14.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\16.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\17.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\177.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\180.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\182.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\183.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\184.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\190.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\191.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\192.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\195.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\207.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\21.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\22.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\220.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\221.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\223.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\226.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\233.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\242.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\246.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\260.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\262.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\263.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\268.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\273.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\275.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\28.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\281.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\289.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\354.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\4.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\47.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\64.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\7.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\72.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\78.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\9.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\93.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\98.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\background.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\extension.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\install.rdf
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\locale\en-US\translations.dtd
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button1.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button2.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button3.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button4.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button5.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\crossrider_statusbar.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon128.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon16.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon24.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon48.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\panelarrow-up.png
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\popup.html
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\skin.css
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\update.css
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\bootstrap.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\chrome.manifest
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\content\bg.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\install.rdf
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\bootstrap.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\chrome.manifest
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\content\bg.js
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\install.rdf
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\Public\sdelevURL.tmp
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js
c:\windows\msdownld.tmp
c:\windows\system32\AF15BDAEX.dll
c:\windows\Tasks\Security Center Update - 2034009945.job
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_40030ae4
-------\Service_CltMngSvc
-------\Service_globalUpdate
-------\Service_NewVideoPlayerUpdaterService
-------\Service_NewVideoPlayerUpdaterService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-07 bis 2015-02-07  ))))))))))))))))))))))))))))))
.
.
2015-02-07 10:49 . 2015-02-07 11:00	--------	d-----w-	c:\users\Emily\AppData\Local\temp
2015-02-07 10:49 . 2015-02-07 10:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-02-07 10:49 . 2015-02-07 10:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-07 10:29 . 2015-02-07 11:00	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF2462D5-EE7F-4FE7-B113-BAFF48BA7ED5}\offreg.dll
2015-02-06 21:33 . 2015-02-06 21:34	--------	d-----w-	C:\FRST
2015-02-06 21:20 . 2014-12-15 03:13	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF2462D5-EE7F-4FE7-B113-BAFF48BA7ED5}\mpengine.dll
2015-02-06 21:01 . 2015-02-06 21:01	--------	d-----w-	c:\program files\WaIntEnhance
2015-02-06 20:19 . 2015-02-06 21:58	--------	d-----w-	C:\689882de6eaabdefc8
2015-02-06 19:07 . 2015-02-06 19:07	--------	d-----w-	c:\programdata\Systweak
2015-02-06 18:59 . 2015-02-06 21:05	--------	d-----w-	c:\users\Emily\AppData\Local\ElevatedDiagnostics
2015-02-06 18:51 . 2015-02-06 18:51	--------	d-----w-	C:\found.000
2015-02-06 18:45 . 2015-02-06 18:45	--------	d-----w-	c:\users\Emily\AppData\Local\SearchProtect
2015-02-05 18:40 . 2015-02-05 18:40	--------	d-----w-	c:\program files\VS Revo Group
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-01 1527432]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A63F6A27-6960-FFE7-5313-A90C10BAD43D}]
2014-08-19 18:32	555008	----a-w-	c:\programdata\RegULArDeeaals\2Ki.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{F0957C89-1479-61BB-1BCF-C64ED7C8EDC8}]
2013-08-12 09:57	332800	----a-w-	c:\program files\cosstminn\Znza9uVUEX.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"Yontoo Desktop"="c:\users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-02-02 42784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"AqjiJzed"="c:\programdata\AqjiJzed\AqjiJzed.dat" [2014-08-19 276480]
"Agenlywuybugfyv"="c:\users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe" [2011-11-13 309950]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-02 9222760]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-02 1481320]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 170520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-28 77824]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-01 1719944]
"MRT"="c:\windows\system32\MRT.exe" [2014-08-15 96303304]
"tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-08-22 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 cbbjpzjo;cbbjpzjo;c:\windows\system32\drivers\cbbjpzjo.sys [x]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
R2 bonanzadealslive;BonanzaDealsLive-Dienst (bonanzadealslive);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 148976]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-06-12 761968]
R2 scores;scores;c:\windows\score.exe [2014-07-30 4816384]
R2 servervo;VO Service component;c:\users\Emily\AppData\Roaming\VOPackage\VOsrv.exe [2014-08-04 73728]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-10 2320920]
R2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe [2014-06-11 540304]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [2013-02-14 23552]
R3 a2dda;Emsisoft Direct Disk Access support driver;c:\users\Emily\Desktop\MBRMastr.sys [2015-02-07 17904]
R3 bonanzadealslivem;BonanzaDealsLive-Dienst (bonanzadealslivem);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 148976]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04 68608]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys [x]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-26 19656]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-06 c:\windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job
- c:\program files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job
- c:\program files\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe [2014-08-04 09:03]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04 09:04]
.
2015-02-06 c:\windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job
- c:\program files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe [2014-08-04 09:04]
.
2014-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-07 13:23]
.
2015-02-06 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 13:19]
.
2014-08-22 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-28 13:19]
.
2015-02-06 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-11-15 14:03]
.
2015-02-06 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04 09:03]
.
2014-08-15 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-04 09:03]
.
2015-02-06 c:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job
- c:\program files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-15 17:22]
.
2015-02-06 c:\windows\Tasks\Plus-HD-1.3-codedownloader.job
- c:\program files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-15 17:22]
.
2015-02-06 c:\windows\Tasks\Plus-HD-1.3-enabler.job
- c:\program files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-15 17:24]
.
2015-02-06 c:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
- c:\program files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-15 17:22]
.
2015-02-06 c:\windows\Tasks\Plus-HD-1.3-updater.job
- c:\program files\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-15 17:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
mStart Page = hxxp://websearch.calcitapp.info/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM-Run-fst_de_122 - (no file)
SafeBoot-BsScanner
AddRemove-ilividtoolbarguid - c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-LegoChessDeInstKey - c:\windows\unin0407.exe
AddRemove-NewPlayer - c:\program files\NewPlayer\uninstall.exe
AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
AddRemove-zulagames - c:\program files\ZulaGames\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{F34C9277-6577-4DFF-B2D7-7D58092F272F}"=hex:51,66,7a,6c,4c,1d,38,12,19,91,5f,
   f7,45,2b,91,08,cd,c1,3e,18,0c,71,63,3b
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"=hex:51,66,7a,6c,4c,1d,38,12,12,44,f2,
   86,66,ff,bd,0d,e7,87,70,98,39,78,f8,c7
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DBB6CE-3148-4FEC-B481-103CB3290427}"=hex:51,66,7a,6c,4c,1d,38,12,a0,b5,c8,
   1c,7a,7f,82,0a,cb,97,53,7c,b6,77,40,33
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}"=hex:51,66,7a,6c,4c,1d,38,12,85,b5,89,
   a4,87,7f,22,00,e8,fa,d8,69,48,cc,aa,3e
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
   a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{A9337080-7CBF-4E3E-80C1-3867BEDD88E0}"=hex:51,66,7a,6c,4c,1d,38,12,ee,73,20,
   ad,8d,32,50,0b,ff,d7,7b,27,bb,83,cc,f4
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,38,12,cb,5c,bc,
   c5,1e,cb,fe,09,fe,38,e4,b7,5b,5f,59,93
"{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}"=hex:51,66,7a,6c,4c,1d,38,12,ce,9e,fe,
   c5,e2,e1,fe,0e,d3,7c,90,c7,4a,07,54,00
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FC872B94-35E3-4B94-B028-184A2A1C7CCE}"=hex:51,66,7a,6c,4c,1d,38,12,fa,28,94,
   f8,d1,7b,fa,0e,cf,3e,5b,0a,2f,42,38,da
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
   f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FE063412-BEA4-4D76-8ED3-183BE6220D17}"=hex:51,66,7a,6c,4c,1d,38,12,7c,37,15,
   fa,96,f0,18,08,f1,c5,5b,7b,e3,7c,49,03
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:99,a0,9f,b3,c0,db,ce,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\System32\WerFault.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-07  12:03:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-07 11:03
.
Vor Suchlauf: 11 Verzeichnis(se), 555.123.208.192 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 556.189.954.048 Bytes frei
.
- - End Of File - - 76C000B36A19DE35E11E0008CBB76728
7827CE22D5B6A2E3FA5111270DD20242
         
Was gibts nun zu tun? :P
LG Nailimixam

Alt 07.02.2015, 18:09   #5
sunjojo
/// Malwareteam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Alles klar, das gefällt mir aber noch nicht. Wir bleiben mal im Abgesicherten Modus mit Netzwerktreibern.


Schritt 1
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Schritt 2

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.


Poste folgende Logfiles in deiner nächsten Antwort:
  • mbar-log-<Jahr-Monat-Tag>.txt
  • TDSSKiller.<Version_Datum_Uhrzeit>log.txt

__________________
Gruß,

Jonas

Alt 07.02.2015, 21:15   #6
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hey Jonas,
Hier die beiden Files:
mbarlog.txt:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.07.06
  rootkit: v2015.02.03.01

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Emily :: EMILY-PC [administrator]

07.02.2015 17:29:45
mbar-log-2015-02-07 (17-29-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 417517
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot. [396972a959317abc9656d731fd0627d9]
HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot. [c9d9ab70b7d3b48220ccb355cf34cd33]
HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot. [c9d9ab70b7d3b48220ccb355cf34cd33]
HKLM\SOFTWARE\FREESOFTTODAY (Adware.EoRezo) -> Delete on reboot. [cbd744d7c3c7a69073ce7873dc28d030]

Registry Values Detected: 2
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AqjiJzed (Trojan.FakeMS) -> Data: regsvr32.exe "C:\ProgramData\AqjiJzed\AqjiJzed.dat" -> Delete on reboot. [aef479a23f4b989eeec9c00ab34e53ad]
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Agenlywuybugfyv (Trojan.Zbot.gen) -> Data: C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe -> Delete on reboot. [f6ac76a5e6a4181e8c8a5e5a15ec5da3]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\AqjiJzed\AqjiJzed.dat (Trojan.FakeMS) -> Delete on reboot. [aef479a23f4b989eeec9c00ab34e53ad]
C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe (Trojan.Zbot.gen) -> Delete on reboot. [f6ac76a5e6a4181e8c8a5e5a15ec5da3]
C:\ProgramData\Windows Genuine Advantage\{265FA7A8-A63B-4E13-90E5-A3D3167F2E5D}\msiexec.exe (Trojan.Zbot.CXgen) -> Delete on reboot. [5b4704179af0d2644981959b17ea827e]
C:\Program Files\Supporter\Supporter.dll (Trojan.SProtector) -> Delete on reboot. [ebb778a36b1fed49704e9fe1f30e50b0]
C:\Program Files\Supporter\SupporterSvc.dll (Trojan.SProtector) -> Delete on reboot. [386af02b6c1e59dd9f20fe8246bb0bf5]

Physical Sectors Detected: 2
Physical Sector #2048 on Drive #0 (Rootkit.Cidox.J.VBR) -> Replace on reboot. [2f5632743afcba29dc12fb38883fec71]
Physical Sector #1 on Drive #0 (Forged physical sector) -> Replace on reboot. [4e8e7ed0b44fc2d63ed5c747a14d4a9e]

(end)
         
TDSSKiller.log.txt:
Code:
ATTFilter
19:09:35.0984 0x06d8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:40:04.0953 0x06d8  ============================================================
19:40:04.0953 0x06d8  Current date / time: 2015/02/07 19:40:04.0953
19:40:04.0953 0x06d8  SystemInfo:
19:40:04.0953 0x06d8  
19:40:04.0953 0x06d8  OS Version: 6.1.7600 ServicePack: 0.0
19:40:04.0953 0x06d8  Product type: Workstation
19:40:04.0953 0x06d8  ComputerName: EMILY-PC
19:40:04.0953 0x06d8  UserName: Emily
19:40:04.0953 0x06d8  Windows directory: C:\Windows
19:40:04.0953 0x06d8  System windows directory: C:\Windows
19:40:04.0953 0x06d8  Processor architecture: Intel x86
19:40:04.0953 0x06d8  Number of processors: 4
19:40:04.0953 0x06d8  Page size: 0x1000
19:40:04.0953 0x06d8  Boot type: Safe boot with network
19:40:04.0953 0x06d8  ============================================================
19:40:05.0062 0x06d8  KLMD registered as C:\Windows\system32\drivers\83944428.sys
19:40:05.0296 0x06d8  System UUID: {A5A33EEB-B2CB-5FA0-D186-0774426E6CED}
19:40:05.0951 0x06d8  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:05.0951 0x06d8  ============================================================
19:40:05.0951 0x06d8  \Device\Harddisk0\DR0:
19:40:05.0951 0x06d8  MBR partitions:
19:40:05.0951 0x06d8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:40:05.0951 0x06d8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x46A24000
19:40:05.0951 0x06d8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x46A56800, BlocksNum 0x3C00000
19:40:05.0951 0x06d8  ============================================================
19:40:05.0982 0x06d8  C: <-> \Device\Harddisk0\DR0\Partition2
19:40:06.0029 0x06d8  D: <-> \Device\Harddisk0\DR0\Partition3
19:40:06.0029 0x06d8  ============================================================
19:40:06.0029 0x06d8  Initialize success
19:40:06.0029 0x06d8  ============================================================
19:40:11.0598 0x058c  ============================================================
19:40:11.0598 0x058c  Scan started
19:40:11.0598 0x058c  Mode: Manual; 
19:40:11.0598 0x058c  ============================================================
19:40:11.0598 0x058c  KSN ping started
19:40:21.0489 0x058c  KSN ping finished: true
19:40:22.0627 0x058c  ================ Scan system memory ========================
19:40:22.0627 0x058c  System memory - ok
19:40:22.0627 0x058c  ================ Scan services =============================
19:40:22.0877 0x058c  [ D01E0B1CEF9EE82100C2BB07294880EF, 335817C019E2A214EE3185ED9AFCCF323062D1CF2A0C32A114DD5D83B2FF9132 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:40:22.0893 0x058c  1394ohci - ok
19:40:23.0002 0x058c  a2dda - ok
19:40:23.0095 0x058c  [ 0059FF74927A27395C5E190F9AA392DF, CAB034EA66AAC5705F9F3029B67A4C1E2CF3A6EBCCABB2C3A8FE8CD39CD7008C ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
19:40:23.0111 0x058c  acedrv10 - ok
19:40:23.0189 0x058c  [ 6625A32AD17A3FA6C7F405AEAC945AA7, 9B9BFAE7586CD2601DE2AD77560B1345E8628B8E9A90CADBE134534EBAAF829F ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
19:40:23.0189 0x058c  acehlp10 - ok
19:40:23.0251 0x058c  [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:40:23.0267 0x058c  ACPI - ok
19:40:23.0345 0x058c  [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:40:23.0345 0x058c  AcpiPmi - ok
19:40:23.0485 0x058c  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:40:23.0485 0x058c  AdobeFlashPlayerUpdateSvc - ok
19:40:23.0579 0x058c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:40:23.0595 0x058c  adp94xx - ok
19:40:23.0641 0x058c  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:40:23.0657 0x058c  adpahci - ok
19:40:23.0704 0x058c  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:40:23.0704 0x058c  adpu320 - ok
19:40:23.0751 0x058c  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:40:23.0751 0x058c  AeLookupSvc - ok
19:40:23.0844 0x058c  [ 25E12313338E476293178BCAE4D6F4E2, 189E83A57C46603ED7CDEDBA56D3FDD6645A64CD490141E75266DE7D10A50CFE ] AF15BDA         C:\Windows\system32\DRIVERS\AF15BDA.sys
19:40:23.0844 0x058c  AF15BDA - ok
19:40:23.0907 0x058c  [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD             C:\Windows\system32\drivers\afd.sys
19:40:23.0922 0x058c  AFD - ok
19:40:23.0953 0x058c  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:40:23.0953 0x058c  agp440 - ok
19:40:24.0031 0x058c  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
19:40:24.0031 0x058c  aic78xx - ok
19:40:24.0078 0x058c  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
19:40:24.0078 0x058c  ALG - ok
19:40:24.0156 0x058c  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:40:24.0156 0x058c  aliide - ok
19:40:24.0187 0x058c  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
19:40:24.0203 0x058c  amdagp - ok
19:40:24.0250 0x058c  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:40:24.0250 0x058c  amdide - ok
19:40:24.0312 0x058c  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:40:24.0312 0x058c  AmdK8 - ok
19:40:24.0328 0x058c  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:40:24.0328 0x058c  AmdPPM - ok
19:40:24.0406 0x058c  [ 19CE906B4CDC11FC4FEF5745F33A63B6, 27BF91DB1FDC81CFCF0E0DCFD3C4AD51FCFB778D36F1E83105C2AFCF6851A4DF ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:40:24.0406 0x058c  amdsata - ok
19:40:24.0468 0x058c  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:40:24.0468 0x058c  amdsbs - ok
19:40:24.0499 0x058c  [ 869E67D66BE326A5A9159FBA8746FA70, 8F493A340F19FB39B5BD24EF8603812BECE7770544AB91817FF67236448569CB ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:40:24.0499 0x058c  amdxata - ok
19:40:24.0562 0x058c  [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID           C:\Windows\system32\drivers\appid.sys
19:40:24.0562 0x058c  AppID - ok
19:40:24.0640 0x058c  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:40:24.0640 0x058c  AppIDSvc - ok
19:40:24.0702 0x058c  [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo         C:\Windows\System32\appinfo.dll
19:40:24.0702 0x058c  Appinfo - ok
19:40:24.0780 0x058c  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:40:24.0780 0x058c  arc - ok
19:40:24.0811 0x058c  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:40:24.0811 0x058c  arcsas - ok
19:40:24.0983 0x058c  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:40:24.0983 0x058c  aspnet_state - ok
19:40:25.0061 0x058c  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:40:25.0061 0x058c  AsyncMac - ok
19:40:25.0139 0x058c  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:40:25.0139 0x058c  atapi - ok
19:40:25.0217 0x058c  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:40:25.0217 0x058c  AudioEndpointBuilder - ok
19:40:25.0233 0x058c  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:40:25.0248 0x058c  Audiosrv - ok
19:40:25.0311 0x058c  [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:40:25.0311 0x058c  AxInstSV - ok
19:40:25.0389 0x058c  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
19:40:25.0404 0x058c  b06bdrv - ok
19:40:25.0451 0x058c  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:40:25.0451 0x058c  b57nd60x - ok
19:40:25.0545 0x058c  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
19:40:25.0545 0x058c  BDESVC - ok
19:40:25.0591 0x058c  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:40:25.0591 0x058c  Beep - ok
19:40:25.0669 0x058c  [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE             C:\Windows\System32\bfe.dll
19:40:25.0685 0x058c  BFE - ok
19:40:25.0763 0x058c  [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS            C:\Windows\system32\qmgr.dll
19:40:25.0779 0x058c  BITS - ok
19:40:25.0857 0x058c  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:40:25.0857 0x058c  blbdrive - ok
19:40:25.0919 0x058c  bonanzadealslive - ok
19:40:25.0935 0x058c  bonanzadealslivem - ok
19:40:26.0028 0x058c  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:40:26.0044 0x058c  Bonjour Service - ok
19:40:26.0106 0x058c  [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:40:26.0106 0x058c  bowser - ok
19:40:26.0153 0x058c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:40:26.0153 0x058c  BrFiltLo - ok
19:40:26.0215 0x058c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:40:26.0215 0x058c  BrFiltUp - ok
19:40:26.0325 0x058c  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:40:26.0340 0x058c  BridgeMP - ok
19:40:26.0403 0x058c  [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser         C:\Windows\System32\browser.dll
19:40:26.0403 0x058c  Browser - ok
19:40:26.0449 0x058c  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:40:26.0465 0x058c  Brserid - ok
19:40:26.0512 0x058c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:40:26.0512 0x058c  BrSerWdm - ok
19:40:26.0527 0x058c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:40:26.0527 0x058c  BrUsbMdm - ok
19:40:26.0574 0x058c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:40:26.0574 0x058c  BrUsbSer - ok
19:40:26.0590 0x058c  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:40:26.0590 0x058c  BTHMODEM - ok
19:40:26.0668 0x058c  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
19:40:26.0668 0x058c  bthserv - ok
19:40:26.0793 0x058c  catchme - ok
19:40:26.0871 0x058c  cbbjpzjo - ok
19:40:26.0902 0x058c  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:40:26.0902 0x058c  cdfs - ok
19:40:26.0980 0x058c  [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:40:26.0980 0x058c  cdrom - ok
19:40:27.0042 0x058c  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:40:27.0042 0x058c  CertPropSvc - ok
19:40:27.0105 0x058c  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:40:27.0105 0x058c  circlass - ok
19:40:27.0167 0x058c  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
19:40:27.0167 0x058c  CLFS - ok
19:40:27.0261 0x058c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:27.0261 0x058c  clr_optimization_v2.0.50727_32 - ok
19:40:27.0323 0x058c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:40:27.0339 0x058c  clr_optimization_v4.0.30319_32 - ok
19:40:27.0385 0x058c  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:40:27.0385 0x058c  CmBatt - ok
19:40:27.0385 0x058c  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:40:27.0401 0x058c  cmdide - ok
19:40:27.0463 0x058c  [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:40:27.0463 0x058c  CNG - ok
19:40:27.0510 0x058c  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:40:27.0510 0x058c  Compbatt - ok
19:40:27.0588 0x058c  [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:40:27.0588 0x058c  CompositeBus - ok
19:40:27.0635 0x058c  COMSysApp - ok
19:40:27.0666 0x058c  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:40:27.0666 0x058c  crcdisk - ok
19:40:27.0729 0x058c  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:40:27.0729 0x058c  CryptSvc - ok
19:40:27.0775 0x058c  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:40:27.0775 0x058c  DcomLaunch - ok
19:40:27.0838 0x058c  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
19:40:27.0838 0x058c  defragsvc - ok
19:40:27.0885 0x058c  [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:40:27.0885 0x058c  DfsC - ok
19:40:27.0963 0x058c  [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:40:27.0963 0x058c  Dhcp - ok
19:40:28.0009 0x058c  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
19:40:28.0009 0x058c  discache - ok
19:40:28.0087 0x058c  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:40:28.0087 0x058c  Disk - ok
19:40:28.0165 0x058c  [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:40:28.0165 0x058c  Dnscache - ok
19:40:28.0197 0x058c  [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc         C:\Windows\System32\dot3svc.dll
19:40:28.0212 0x058c  dot3svc - ok
19:40:28.0275 0x058c  [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS             C:\Windows\system32\dps.dll
19:40:28.0290 0x058c  DPS - ok
19:40:28.0353 0x058c  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:40:28.0353 0x058c  drmkaud - ok
19:40:28.0399 0x058c  [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:40:28.0431 0x058c  DXGKrnl - ok
19:40:28.0462 0x058c  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
19:40:28.0477 0x058c  EapHost - ok
19:40:28.0665 0x058c  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
19:40:28.0743 0x058c  ebdrv - ok
19:40:28.0774 0x058c  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS             C:\Windows\System32\lsass.exe
19:40:28.0774 0x058c  EFS - ok
19:40:28.0852 0x058c  [ 1697C39978CD69F6FBC15302EDCECE1F, E496FAE102EE33EBD35AC745E8647976DB9F91EF78E54EB962FF2D04D45B561A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:40:28.0867 0x058c  ehRecvr - ok
19:40:28.0899 0x058c  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
19:40:28.0899 0x058c  ehSched - ok
19:40:28.0977 0x058c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:40:28.0992 0x058c  elxstor - ok
19:40:29.0008 0x058c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:40:29.0008 0x058c  ErrDev - ok
19:40:29.0101 0x058c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
19:40:29.0117 0x058c  EventSystem - ok
19:40:29.0133 0x058c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:40:29.0133 0x058c  exfat - ok
19:40:29.0195 0x058c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:40:29.0195 0x058c  fastfat - ok
19:40:29.0289 0x058c  [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax             C:\Windows\system32\fxssvc.exe
19:40:29.0304 0x058c  Fax - ok
19:40:29.0351 0x058c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:40:29.0351 0x058c  fdc - ok
19:40:29.0382 0x058c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
19:40:29.0382 0x058c  fdPHost - ok
19:40:29.0398 0x058c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:40:29.0398 0x058c  FDResPub - ok
19:40:29.0445 0x058c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:40:29.0445 0x058c  FileInfo - ok
19:40:29.0460 0x058c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:40:29.0460 0x058c  Filetrace - ok
19:40:29.0507 0x058c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:40:29.0507 0x058c  flpydisk - ok
19:40:29.0569 0x058c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:40:29.0585 0x058c  FltMgr - ok
19:40:29.0663 0x058c  [ 7FE4995528A7529A761875151EE3D512, 63F062A8E6AA9AEF39A46E94ADD548C72B4E21C1090DE9CBDCFB3F4489637BAF ] FontCache       C:\Windows\system32\FntCache.dll
19:40:29.0679 0x058c  FontCache - ok
19:40:29.0757 0x058c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:40:29.0757 0x058c  FontCache3.0.0.0 - ok
19:40:29.0757 0x058c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:40:29.0757 0x058c  FsDepends - ok
19:40:29.0788 0x058c  [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:40:29.0788 0x058c  Fs_Rec - ok
19:40:29.0850 0x058c  [ 4732E596BB1C50D9F9188C5074EE7782, 465E47C6AFA53B7CAFED5C61A5D832E7B3A1A33F82E1F11A472B84CD24D2ED55 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:40:29.0866 0x058c  fvevol - ok
19:40:29.0913 0x058c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:40:29.0913 0x058c  gagp30kx - ok
19:40:29.0975 0x058c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:40:29.0975 0x058c  GEARAspiWDM - ok
19:40:30.0037 0x058c  globalUpdatem - ok
19:40:30.0084 0x058c  [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:40:30.0100 0x058c  gpsvc - ok
19:40:30.0147 0x058c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:40:30.0147 0x058c  hcw85cir - ok
19:40:30.0240 0x058c  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:40:30.0240 0x058c  HdAudAddService - ok
19:40:30.0287 0x058c  [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:40:30.0303 0x058c  HDAudBus - ok
19:40:30.0349 0x058c  [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
19:40:30.0349 0x058c  HECI - ok
19:40:30.0381 0x058c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:40:30.0381 0x058c  HidBatt - ok
19:40:30.0412 0x058c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:40:30.0412 0x058c  HidBth - ok
19:40:30.0474 0x058c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:40:30.0474 0x058c  HidIr - ok
19:40:30.0521 0x058c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
19:40:30.0521 0x058c  hidserv - ok
19:40:30.0630 0x058c  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:40:30.0630 0x058c  HidUsb - ok
19:40:30.0661 0x058c  [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:40:30.0661 0x058c  hkmsvc - ok
19:40:30.0771 0x058c  [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:40:30.0771 0x058c  HomeGroupListener - ok
19:40:30.0817 0x058c  [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:40:30.0833 0x058c  HomeGroupProvider - ok
19:40:30.0911 0x058c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:40:30.0911 0x058c  HpSAMD - ok
19:40:30.0973 0x058c  [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:40:30.0989 0x058c  HTTP - ok
19:40:31.0005 0x058c  [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:40:31.0005 0x058c  hwpolicy - ok
19:40:31.0067 0x058c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:40:31.0067 0x058c  i8042prt - ok
19:40:31.0207 0x058c  [ 26541A068572F650A2FA490726FE81BE, 9D6EF745731D45C4482274BE9C56300BBE8843D6C182F0E5C621AB121DBE371E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:40:31.0223 0x058c  iaStor - ok
19:40:31.0363 0x058c  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:40:31.0363 0x058c  IAStorDataMgrSvc - ok
19:40:31.0426 0x058c  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9, 3AF6B8220E5081C79951979FE59E980C0309C826E201AE286D3B42CD2BA8145F ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:40:31.0426 0x058c  iaStorV - ok
19:40:31.0504 0x058c  [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:40:31.0535 0x058c  idsvc - ok
19:40:31.0597 0x058c  IePluginServices - ok
19:40:31.0941 0x058c  [ C5589781F75DE0BFB26E221649C80D00, 949AC24AF8669F9FF71DB30A502AF8BA17D892A0E86708418469B15F084A9D72 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:40:32.0221 0x058c  igfx - ok
19:40:32.0284 0x058c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:40:32.0284 0x058c  iirsp - ok
19:40:32.0362 0x058c  [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:40:32.0377 0x058c  IKEEXT - ok
19:40:32.0455 0x058c  [ E3C36AC5AE87EC970AE8EA2A93D59AE1, 8403A5243DF38EFC35A0200760EC081E42467744AF25A1F2168D5A8198AF6A5B ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
19:40:32.0455 0x058c  Impcd - ok
19:40:32.0674 0x058c  [ ACEC5BBEE4AA34D74BE0E2E512CC2026, DBE4672B0ABA876FBE51EF36CA0AF1EABD00F793984E9A2A90C2A757E7953C34 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:40:32.0736 0x058c  IntcAzAudAddService - ok
19:40:32.0845 0x058c  [ AF6D1E38BCE11DABA4C01D6A6DE94410, 0913444FE63FF47C99A3F002368C05574DE9AE7973CA5832FFC6C88F9F12B574 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:40:32.0861 0x058c  IntcDAud - ok
19:40:32.0908 0x058c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:40:32.0908 0x058c  intelide - ok
19:40:32.0986 0x058c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:40:32.0986 0x058c  intelppm - ok
19:40:33.0017 0x058c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:40:33.0033 0x058c  IPBusEnum - ok
19:40:33.0079 0x058c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:40:33.0079 0x058c  IpFilterDriver - ok
19:40:33.0142 0x058c  [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:40:33.0157 0x058c  iphlpsvc - ok
19:40:33.0189 0x058c  [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:40:33.0189 0x058c  IPMIDRV - ok
19:40:33.0204 0x058c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:40:33.0204 0x058c  IPNAT - ok
19:40:33.0267 0x058c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:40:33.0267 0x058c  IRENUM - ok
19:40:33.0313 0x058c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:40:33.0313 0x058c  isapnp - ok
19:40:33.0329 0x058c  [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:40:33.0329 0x058c  iScsiPrt - ok
19:40:33.0391 0x058c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:40:33.0407 0x058c  kbdclass - ok
19:40:33.0454 0x058c  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:40:33.0454 0x058c  kbdhid - ok
19:40:33.0501 0x058c  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso          C:\Windows\system32\lsass.exe
19:40:33.0501 0x058c  KeyIso - ok
19:40:33.0532 0x058c  [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:40:33.0532 0x058c  KSecDD - ok
19:40:33.0563 0x058c  [ 3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:40:33.0563 0x058c  KSecPkg - ok
19:40:33.0594 0x058c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:40:33.0594 0x058c  KtmRm - ok
19:40:33.0641 0x058c  [ 4566FD5F4416E7FEF3600E4B30D086C3, 8AF3E81D4BFE974D7419D1C7EFA7D2910AEA38A44C932A5EC83DAAAD995B7AB7 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
19:40:33.0657 0x058c  L1C - ok
19:40:33.0688 0x058c  [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:40:33.0703 0x058c  LanmanServer - ok
19:40:33.0781 0x058c  [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:40:33.0781 0x058c  LanmanWorkstation - ok
19:40:33.0844 0x058c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:40:33.0844 0x058c  lltdio - ok
19:40:33.0891 0x058c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:40:33.0891 0x058c  lltdsvc - ok
19:40:33.0922 0x058c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:40:33.0922 0x058c  lmhosts - ok
19:40:34.0031 0x058c  [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:40:34.0047 0x058c  LMS - ok
19:40:34.0093 0x058c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:40:34.0093 0x058c  LSI_FC - ok
19:40:34.0125 0x058c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:40:34.0125 0x058c  LSI_SAS - ok
19:40:34.0171 0x058c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:40:34.0187 0x058c  LSI_SAS2 - ok
19:40:34.0203 0x058c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:40:34.0203 0x058c  LSI_SCSI - ok
19:40:34.0281 0x058c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:40:34.0281 0x058c  luafv - ok
19:40:34.0312 0x058c  [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:40:34.0312 0x058c  Mcx2Svc - ok
19:40:34.0374 0x058c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:40:34.0374 0x058c  megasas - ok
19:40:34.0390 0x058c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:40:34.0390 0x058c  MegaSR - ok
19:40:34.0437 0x058c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
19:40:34.0437 0x058c  MMCSS - ok
19:40:34.0530 0x058c  [ 5B9CA81817E046666E7ABF8B9B101545, 6DD02C4C991198AC515847DAAEF7A3DF379636649FDB2623A0FBD8B51DADD523 ] mod7700         C:\Windows\system32\DRIVERS\mod7700.sys
19:40:34.0546 0x058c  mod7700 - ok
19:40:34.0577 0x058c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
19:40:34.0593 0x058c  Modem - ok
19:40:34.0608 0x0080  Object required for P2P: [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD
19:40:34.0624 0x058c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:40:34.0624 0x058c  monitor - ok
19:40:34.0639 0x058c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:40:34.0639 0x058c  mouclass - ok
19:40:34.0702 0x058c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:40:34.0717 0x058c  mouhid - ok
19:40:34.0749 0x058c  [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:40:34.0749 0x058c  mountmgr - ok
19:40:34.0764 0x058c  [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:40:34.0764 0x058c  mpio - ok
19:40:34.0827 0x058c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:40:34.0827 0x058c  mpsdrv - ok
19:40:34.0905 0x058c  [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:40:34.0920 0x058c  MpsSvc - ok
19:40:34.0936 0x058c  [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:40:34.0936 0x058c  MRxDAV - ok
19:40:35.0014 0x058c  [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:40:35.0014 0x058c  mrxsmb - ok
19:40:35.0061 0x058c  [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:40:35.0076 0x058c  mrxsmb10 - ok
19:40:35.0123 0x058c  [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:40:35.0123 0x058c  mrxsmb20 - ok
19:40:35.0139 0x058c  [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:40:35.0139 0x058c  msahci - ok
19:40:35.0170 0x058c  [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:40:35.0185 0x058c  msdsm - ok
19:40:35.0201 0x058c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
19:40:35.0201 0x058c  MSDTC - ok
19:40:35.0248 0x058c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:40:35.0248 0x058c  Msfs - ok
19:40:35.0263 0x058c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:40:35.0263 0x058c  mshidkmdf - ok
19:40:35.0310 0x058c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:40:35.0310 0x058c  msisadrv - ok
19:40:35.0373 0x058c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:40:35.0388 0x058c  MSiSCSI - ok
19:40:35.0419 0x058c  msiserver - ok
19:40:35.0482 0x058c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:40:35.0482 0x058c  MSKSSRV - ok
19:40:35.0482 0x058c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:40:35.0482 0x058c  MSPCLOCK - ok
19:40:35.0497 0x058c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:40:35.0497 0x058c  MSPQM - ok
19:40:35.0529 0x058c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:40:35.0529 0x058c  MsRPC - ok
19:40:35.0544 0x058c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:40:35.0560 0x058c  mssmbios - ok
19:40:35.0560 0x058c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:40:35.0560 0x058c  MSTEE - ok
19:40:35.0575 0x058c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:40:35.0575 0x058c  MTConfig - ok
19:40:35.0622 0x058c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:40:35.0622 0x058c  Mup - ok
19:40:35.0653 0x058c  [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent        C:\Windows\system32\qagentRT.dll
19:40:35.0669 0x058c  napagent - ok
19:40:35.0763 0x058c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:40:35.0778 0x058c  NativeWifiP - ok
19:40:35.0825 0x058c  [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:40:35.0841 0x058c  NDIS - ok
19:40:35.0872 0x058c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:40:35.0872 0x058c  NdisCap - ok
19:40:35.0934 0x058c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:40:35.0934 0x058c  NdisTapi - ok
19:40:35.0997 0x058c  [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:40:35.0997 0x058c  Ndisuio - ok
19:40:36.0012 0x058c  [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:40:36.0012 0x058c  NdisWan - ok
19:40:36.0043 0x058c  [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:40:36.0059 0x058c  NDProxy - ok
19:40:36.0106 0x058c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:40:36.0106 0x058c  NetBIOS - ok
19:40:36.0121 0x058c  [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:40:36.0137 0x058c  NetBT - ok
19:40:36.0184 0x058c  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] Netlogon        C:\Windows\system32\lsass.exe
19:40:36.0184 0x058c  Netlogon - ok
19:40:36.0215 0x058c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
19:40:36.0215 0x058c  Netman - ok
19:40:36.0293 0x058c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:40:36.0293 0x058c  NetMsmqActivator - ok
19:40:36.0293 0x058c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:40:36.0309 0x058c  NetPipeActivator - ok
19:40:36.0324 0x058c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
19:40:36.0340 0x058c  netprofm - ok
19:40:36.0355 0x058c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:40:36.0355 0x058c  NetTcpActivator - ok
19:40:36.0371 0x058c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:40:36.0371 0x058c  NetTcpPortSharing - ok
19:40:36.0433 0x058c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:40:36.0433 0x058c  nfrd960 - ok
19:40:36.0465 0x058c  [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:40:36.0465 0x058c  NlaSvc - ok
19:40:36.0496 0x058c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:40:36.0511 0x058c  Npfs - ok
19:40:36.0589 0x058c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
19:40:36.0589 0x058c  nsi - ok
19:40:36.0605 0x058c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:40:36.0621 0x058c  nsiproxy - ok
19:40:36.0683 0x058c  [ A8F59428E9F361C7AC42A94AC1560BC9, 5B056375C8D21E7AE9E2EAC2EF62F5A2D6D0DBB52DD2FC34F9CC35F55C6766A6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:40:36.0714 0x058c  Ntfs - ok
19:40:36.0745 0x058c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
19:40:36.0745 0x058c  Null - ok
19:40:36.0823 0x058c  [ 03AD379554B50FA1802BE4EC2E291E92, DCF2B5DB1C8BDF2473E454F974EA6445C3EEC111252D859EC2EC3F6833390271 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:40:36.0823 0x058c  nusb3hub - ok
19:40:36.0855 0x067c  Object required for P2P: [ 53F476476F55A27F580661BDE09C4EC4 ] BITS
19:40:36.0901 0x058c  [ 06FE87C9D181AF5F04D192E604E10E6C, 27BBB521C68EAD123117DCD1DEA7436833EC0CFB62F6B6A5AC12E5A2996C7595 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:40:36.0917 0x058c  nusb3xhc - ok
19:40:37.0291 0x058c  [ 011C6E2E44A36ED7ACB57FD6197F0516, 5CD3414659461DD028EFBDD5734B7F1343B362CB5FB250C4EBAD169AF4E8AC9B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:40:37.0635 0x058c  nvlddmkm - ok
19:40:37.0697 0x058c  [ 47188871F2A151746A93DEEF0DBC26D9, B593E41E4490D08A823F4722476E63797876563EF46E0A7C695C66CFDD1B50E2 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:40:37.0697 0x058c  nvpciflt - ok
19:40:37.0775 0x058c  [ F1B0BED906F97E16F6D0C3629D2F21C6, 563DE1AF0BE884264FD0D17AAA92EA32A2EACDF1E6C56D038773919D731E110C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:40:37.0775 0x058c  nvraid - ok
19:40:37.0822 0x058c  [ 4520B63899E867F354EE012D34E11536, BDFF1033609834F44B0EDBE8B360FD7977D027034C469862385736AEFE8832B7 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:40:37.0822 0x058c  nvstor - ok
19:40:37.0869 0x058c  [ 07428D1C6FA4011085E8610AA37769E5, E64FF250B5CF5A89A4958D92445F44F9AE9B006A16334CB0CCC41216D5540E2A ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:40:37.0869 0x058c  nvsvc - ok
19:40:38.0040 0x058c  [ 6CC0B075295589730917B17ECBBCB6B3, E24DE98B499261F9FCF64239231873BC95E5ED1BD2B6B2E2B972C87222E85C6B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:40:38.0087 0x058c  nvUpdatusService - ok
19:40:38.0118 0x058c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:40:38.0134 0x058c  nv_agp - ok
19:40:38.0196 0x058c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:40:38.0196 0x058c  ohci1394 - ok
19:40:38.0305 0x058c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:40:38.0305 0x058c  ose - ok
19:40:38.0477 0x058c  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:40:38.0664 0x058c  osppsvc - ok
19:40:38.0711 0x0598  Object required for P2P: [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch
19:40:38.0758 0x058c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:40:38.0758 0x058c  p2pimsvc - ok
19:40:38.0836 0x058c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:40:38.0851 0x058c  p2psvc - ok
19:40:38.0883 0x058c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:40:38.0883 0x058c  Parport - ok
19:40:38.0929 0x058c  [ 66D3415C159741ADE7038A277EFFF99F, D9853845FE495A546328986718074373EAB0F59538CFE7E604B1A94C8CBE7140 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:40:38.0929 0x058c  partmgr - ok
19:40:38.0976 0x058c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:40:38.0976 0x058c  Parvdm - ok
19:40:39.0054 0x058c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:40:39.0070 0x058c  PcaSvc - ok
19:40:39.0117 0x058c  [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:40:39.0117 0x058c  pci - ok
19:40:39.0132 0x058c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:40:39.0148 0x058c  pciide - ok
19:40:39.0179 0x058c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:40:39.0179 0x058c  pcmcia - ok
19:40:39.0241 0x058c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:40:39.0241 0x058c  pcw - ok
19:40:39.0382 0x058c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:40:39.0397 0x058c  PEAUTH - ok
19:40:39.0475 0x058c  [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla             C:\Windows\system32\pla.dll
19:40:39.0522 0x058c  pla - ok
19:40:39.0600 0x058c  [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:40:39.0600 0x058c  PlugPlay - ok
19:40:39.0616 0x058c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:40:39.0616 0x058c  PNRPAutoReg - ok
19:40:39.0678 0x058c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:40:39.0694 0x058c  PNRPsvc - ok
19:40:39.0756 0x058c  [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:40:39.0772 0x058c  PolicyAgent - ok
19:40:39.0803 0x058c  [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power           C:\Windows\system32\umpo.dll
19:40:39.0803 0x058c  Power - ok
19:40:39.0881 0x058c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:40:39.0881 0x058c  PptpMiniport - ok
19:40:39.0943 0x058c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:40:39.0943 0x058c  Processor - ok
19:40:40.0021 0x058c  [ AEA3BDBDBA667AA6F678CB38907E4F5E, AB698DCA117F8D5F22F9CD8D7884147BAB4E0C055B8A487BC035C18ED1634752 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:40:40.0037 0x058c  ProfSvc - ok
19:40:40.0053 0x058c  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe
19:40:40.0053 0x058c  ProtectedStorage - ok
19:40:40.0131 0x058c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:40:40.0131 0x058c  Psched - ok
19:40:40.0209 0x0694  Object required for P2P: [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax
19:40:40.0255 0x058c  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:40:40.0255 0x058c  PSI_SVC_2 - ok
19:40:40.0349 0x058c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:40:40.0380 0x058c  ql2300 - ok
19:40:40.0411 0x058c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:40:40.0411 0x058c  ql40xx - ok
19:40:40.0427 0x058c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
19:40:40.0443 0x058c  QWAVE - ok
19:40:40.0489 0x058c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:40:40.0489 0x058c  QWAVEdrv - ok
19:40:40.0552 0x058c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:40:40.0552 0x058c  RasAcd - ok
19:40:40.0614 0x058c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:40:40.0614 0x058c  RasAgileVpn - ok
19:40:40.0630 0x058c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
19:40:40.0630 0x058c  RasAuto - ok
19:40:40.0661 0x058c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:40:40.0661 0x058c  Rasl2tp - ok
19:40:40.0692 0x058c  [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan          C:\Windows\System32\rasmans.dll
19:40:40.0692 0x058c  RasMan - ok
19:40:40.0739 0x058c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:40:40.0739 0x058c  RasPppoe - ok
19:40:40.0801 0x058c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:40:40.0801 0x058c  RasSstp - ok
19:40:40.0895 0x058c  [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:40:40.0895 0x058c  rdbss - ok
19:40:40.0911 0x058c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:40:40.0911 0x058c  rdpbus - ok
19:40:40.0926 0x058c  [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:40:40.0926 0x058c  RDPCDD - ok
19:40:40.0989 0x058c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:40:40.0989 0x058c  RDPENCDD - ok
19:40:41.0051 0x058c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:40:41.0051 0x058c  RDPREFMP - ok
19:40:41.0145 0x058c  [ C5B8D47A4688DE9D335204EA757C2240, 2F646466120911B0CA0E331B4959A470E18DFD51C8FAAB69BE0461C31D52DBBE ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:40:41.0145 0x058c  RDPWD - ok
19:40:41.0191 0x058c  [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:40:41.0207 0x058c  rdyboost - ok
19:40:41.0238 0x058c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:40:41.0238 0x058c  RemoteAccess - ok
19:40:41.0301 0x058c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:40:41.0316 0x058c  RemoteRegistry - ok
19:40:41.0363 0x058c  rjaty - ok
19:40:41.0410 0x058c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:40:41.0410 0x058c  RpcEptMapper - ok
19:40:41.0441 0x058c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
19:40:41.0441 0x058c  RpcLocator - ok
19:40:41.0488 0x058c  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs           C:\Windows\system32\rpcss.dll
19:40:41.0503 0x058c  RpcSs - ok
19:40:41.0503 0x058c  Object required for P2P: [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs
19:40:43.0032 0x076c  Object required for P2P: [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP
19:40:44.0421 0x0200  Object required for P2P: [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation
19:40:45.0606 0x0764  Object required for P2P: [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc
19:40:46.0339 0x0080  Object send P2P result: true
19:40:47.0931 0x059c  Object required for P2P: [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy
19:40:48.0211 0x067c  Object send P2P result: true
19:40:57.0681 0x0598  Object send P2P result: true
19:40:57.0681 0x058c  Object send P2P result: true
19:40:57.0681 0x0598  Object required for P2P: [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS
19:40:57.0681 0x0694  Object send P2P result: true
19:40:57.0681 0x0694  Object required for P2P: [ 7FE4995528A7529A761875151EE3D512 ] FontCache
19:40:57.0759 0x058c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:40:57.0759 0x058c  rspndr - ok
19:40:57.0821 0x058c  [ 0340A381B920A6E68178B832889F33F8, 725B829D44AF88EBB404DA8E62679F0A412AF15EB5E5B2A60344A44E3BDA1B92 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
19:40:57.0837 0x058c  RSUSBSTOR - ok
19:40:57.0915 0x058c  [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
19:40:57.0930 0x058c  RTL8167 - ok
19:40:58.0008 0x058c  [ CFD6C307BF5DB3B339BE9F92B95433B9, BAD48DA6B8F35D5A7E1C513BEAAA5F89AC05105B4AA8AD6281D688F3DF63CAF9 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
19:40:58.0008 0x05f0  Object required for P2P: [ C858CB77C577780ECC456A892E7E7D0F ] pci
19:40:58.0040 0x058c  rtl8192se - ok
19:40:58.0055 0x058c  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs           C:\Windows\system32\lsass.exe
19:40:58.0055 0x058c  SamSs - ok
19:40:58.0102 0x058c  [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:40:58.0102 0x058c  sbp2port - ok
19:40:58.0149 0x058c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:40:58.0149 0x058c  SCardSvr - ok
19:40:58.0211 0x058c  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:40:58.0211 0x058c  scfilter - ok
19:40:58.0289 0x058c  [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule        C:\Windows\system32\schedsvc.dll
19:40:58.0305 0x058c  Schedule - ok
19:40:58.0461 0x058c  [ 43BB01FA6B3E6E4D4343BDEAB3EC56B7, 535B392580D77EEAED3647836A8567223D44A7ADD629BA457D117F3C584D7120 ] scores          C:\Windows\score.exe
19:40:58.0617 0x058c  scores - ok
19:40:58.0648 0x058c  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:40:58.0648 0x058c  SCPolicySvc - ok
19:40:58.0695 0x058c  [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:40:58.0710 0x058c  SDRSVC - ok
19:40:58.0788 0x058c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:40:58.0788 0x058c  secdrv - ok
19:40:58.0820 0x058c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
19:40:58.0820 0x058c  seclogon - ok
19:40:58.0835 0x058c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
19:40:58.0835 0x058c  SENS - ok
19:40:58.0882 0x058c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:40:58.0882 0x058c  SensrSvc - ok
19:40:58.0960 0x058c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:40:58.0960 0x058c  Serenum - ok
19:40:59.0007 0x058c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:40:59.0007 0x058c  Serial - ok
19:40:59.0069 0x058c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:40:59.0069 0x058c  sermouse - ok
19:40:59.0225 0x058c  [ A196F22AD8C0F724675C8385406B03E5, 2003CED05A336F7D84627C2C94F9AF7FAD5DC23AEA2FF7B31C6AB3F5E9B54E08 ] servervo        C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe
19:40:59.0225 0x058c  servervo - ok
19:40:59.0241 0x058c  [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv      C:\Windows\system32\sessenv.dll
19:40:59.0256 0x058c  SessionEnv - ok
19:40:59.0272 0x058c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:40:59.0272 0x058c  sffdisk - ok
19:40:59.0334 0x058c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:40:59.0334 0x058c  sffp_mmc - ok
19:40:59.0381 0x058c  [ A0708BBD07D245C06FF9DE549CA47185, 6A95ACD63A3E7CE6065D0A8B5C182C5B3F4540B8345AB5DCCBD3AC77E9D6CEAC ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:40:59.0381 0x058c  sffp_sd - ok
19:40:59.0428 0x058c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:40:59.0428 0x058c  sfloppy - ok
19:40:59.0459 0x058c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:40:59.0475 0x058c  SharedAccess - ok
19:40:59.0506 0x058c  [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:40:59.0506 0x058c  ShellHWDetection - ok
19:40:59.0568 0x058c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
19:40:59.0568 0x076c  Object send P2P result: true
19:40:59.0568 0x058c  sisagp - ok
19:40:59.0568 0x076c  Object required for P2P: [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT
19:40:59.0615 0x058c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:40:59.0615 0x058c  SiSRaid2 - ok
19:40:59.0646 0x058c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:40:59.0646 0x058c  SiSRaid4 - ok
19:40:59.0771 0x058c  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:40:59.0787 0x058c  SkypeUpdate - ok
19:40:59.0849 0x058c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:40:59.0849 0x058c  Smb - ok
19:40:59.0912 0x058c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:40:59.0912 0x058c  SNMPTRAP - ok
19:40:59.0927 0x058c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:40:59.0927 0x058c  spldr - ok
19:40:59.0958 0x058c  [ E17323B0AA9FB3FF9945731D736EDA2F, 65837FC6329A4B2B042B0CDB04F139CA14C2BD1EE0CDB2C7705431E9D97D0597 ] Spooler         C:\Windows\System32\spoolsv.exe
19:40:59.0974 0x058c  Spooler - ok
19:41:00.0005 0x058c  SPPD - ok
19:41:00.0177 0x058c  [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:41:00.0239 0x058c  sppsvc - ok
19:41:00.0286 0x058c  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:41:00.0286 0x058c  sppuinotify - ok
19:41:00.0333 0x058c  [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:41:00.0348 0x058c  srv - ok
19:41:00.0380 0x058c  [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:41:00.0395 0x058c  srv2 - ok
19:41:00.0442 0x058c  [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:41:00.0442 0x058c  srvnet - ok
19:41:00.0458 0x058c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:41:00.0458 0x058c  SSDPSRV - ok
19:41:00.0520 0x058c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:41:00.0520 0x058c  SstpSvc - ok
19:41:00.0567 0x058c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:41:00.0567 0x058c  stexstor - ok
19:41:00.0645 0x058c  [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:41:00.0660 0x058c  StiSvc - ok
19:41:00.0692 0x058c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:41:00.0692 0x058c  swenum - ok
19:41:00.0723 0x058c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
19:41:00.0738 0x058c  swprv - ok
19:41:00.0785 0x058c  [ D776EB85A20696D9D43129CCF6E703E2, F4C16C6EE09DA173A8FE3FD85E3F81E68AB4FF66D996FA3CCC47989052DD69C2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:41:00.0801 0x058c  SynTP - ok
19:41:00.0848 0x058c  [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain         C:\Windows\system32\sysmain.dll
19:41:00.0879 0x058c  SysMain - ok
19:41:00.0894 0x058c  [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:41:00.0894 0x058c  TabletInputService - ok
19:41:00.0941 0x058c  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:41:00.0941 0x058c  TapiSrv - ok
19:41:00.0957 0x058c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
19:41:00.0972 0x058c  TBS - ok
19:41:01.0066 0x058c  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:41:01.0097 0x058c  Tcpip - ok
19:41:01.0144 0x058c  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:41:01.0175 0x058c  TCPIP6 - ok
19:41:01.0206 0x058c  [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:41:01.0222 0x058c  tcpipreg - ok
19:41:01.0253 0x058c  [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:41:01.0253 0x058c  TDPIPE - ok
19:41:01.0284 0x058c  [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:41:01.0284 0x058c  TDTCP - ok
19:41:01.0316 0x058c  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:41:01.0316 0x058c  tdx - ok
19:41:01.0331 0x058c  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:41:01.0331 0x058c  TermDD - ok
19:41:01.0394 0x058c  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService     C:\Windows\System32\termsrv.dll
19:41:01.0409 0x058c  TermService - ok
19:41:01.0425 0x058c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
19:41:01.0425 0x058c  Themes - ok
19:41:01.0440 0x058c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:41:01.0440 0x058c  THREADORDER - ok
19:41:01.0503 0x058c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
19:41:01.0503 0x058c  TrkWks - ok
19:41:01.0550 0x058c  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:41:01.0550 0x058c  TrustedInstaller - ok
19:41:01.0581 0x058c  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:41:01.0581 0x058c  tssecsrv - ok
19:41:01.0690 0x058c  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:41:01.0690 0x058c  tunnel - ok
19:41:01.0752 0x058c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:41:01.0752 0x058c  uagp35 - ok
19:41:01.0815 0x058c  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:41:01.0830 0x058c  udfs - ok
19:41:01.0877 0x058c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:41:01.0877 0x058c  UI0Detect - ok
19:41:01.0955 0x058c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:41:01.0955 0x058c  uliagpkx - ok
19:41:02.0018 0x058c  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:41:02.0018 0x058c  umbus - ok
19:41:02.0096 0x058c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:41:02.0096 0x058c  UmPass - ok
19:41:02.0283 0x058c  [ AF905F4966CFC8B973623AB150CD4B2B, E1BF0481A584C10AE4A927A01A1E6B76036C18FAF7AB38D9B78641F5808D9888 ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:41:02.0345 0x058c  UNS - ok
19:41:02.0392 0x058c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
19:41:02.0392 0x058c  upnphost - ok
19:41:02.0470 0x058c  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
19:41:02.0470 0x058c  USBAAPL - ok
19:41:02.0517 0x058c  [ C31AE588E403042632DC796CF09E30B0, 3EA64F9637D6F0AFC9DA70775AC6598828CB289BC1F7B028B3CC22878A443F30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:41:02.0517 0x058c  usbccgp - ok
19:41:02.0595 0x058c  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:41:02.0595 0x058c  usbcir - ok
19:41:02.0642 0x058c  [ E4C436D914768CE965D5E659BA7EEBD8, 4FE0B360D2FE4C8B1D3FA5BD9A0E24CA6C186CD99B72EA58F6B669FABB0B1269 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:41:02.0642 0x058c  usbehci - ok
19:41:02.0688 0x058c  [ BDCD7156EC37448F08633FD899823620, 557A6E8B1CD43213FCCB247DEC9EEBC12F263DA13CFF72DEE724E830F7F22C33 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:41:02.0704 0x058c  usbhub - ok
19:41:02.0782 0x058c  [ EB2D819A639015253C871CDA09D91D58, E65757F3D162F26012BF9E16ECA0688BBCAE633AFFD1CE07083A3306376A4E82 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:41:02.0782 0x058c  usbohci - ok
19:41:02.0813 0x058c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:41:02.0813 0x058c  usbprint - ok
19:41:02.0844 0x058c  [ 1C4287739A93594E57E2A9E6A3ED7353, FCA7D01D7A699B2C3514FD30D534C9ABA975D4AC2543546D94BEB224834BCA54 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:41:02.0844 0x058c  USBSTOR - ok
19:41:02.0876 0x058c  [ 22480BF4E5A09192E5E30BA4DDE79FA4, E5CB29CD419009AC0F641E50E8B0E0B7FF6AD68ADB48A959FFD07A37FCF7B9BE ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:41:02.0876 0x058c  usbuhci - ok
19:41:02.0954 0x058c  [ B5F6A992D996282B7FAE7048E50AF83A, CE8A3096DB78BD7E660A7B544AD3EE25AE747B3A63359D55B480B7FF1B6BEE8B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:41:02.0969 0x058c  usbvideo - ok
19:41:03.0016 0x058c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
19:41:03.0016 0x058c  UxSms - ok
19:41:03.0047 0x058c  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc        C:\Windows\system32\lsass.exe
19:41:03.0047 0x058c  VaultSvc - ok
19:41:03.0094 0x058c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:41:03.0094 0x058c  vdrvroot - ok
19:41:03.0125 0x058c  [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds             C:\Windows\System32\vds.exe
19:41:03.0141 0x058c  vds - ok
19:41:03.0188 0x058c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:41:03.0188 0x058c  vga - ok
19:41:03.0219 0x058c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:41:03.0219 0x058c  VgaSave - ok
19:41:03.0266 0x058c  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:41:03.0266 0x058c  vhdmp - ok
19:41:03.0344 0x058c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
19:41:03.0344 0x058c  viaagp - ok
19:41:03.0375 0x058c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
19:41:03.0375 0x058c  ViaC7 - ok
19:41:03.0390 0x058c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:41:03.0390 0x058c  viaide - ok
19:41:03.0437 0x058c  [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:41:03.0437 0x058c  volmgr - ok
19:41:03.0468 0x058c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:41:03.0468 0x058c  volmgrx - ok
19:41:03.0515 0x058c  [ 59F06B4968E58BC83DFC56CA4517960E, F0ACE8D5F30B8C81E4FDE0CEBDBA71A212A3198ED09D92B2B40C48FBB243D3F5 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:41:03.0515 0x058c  volsnap - ok
19:41:03.0609 0x058c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:41:03.0609 0x058c  vsmraid - ok
19:41:03.0656 0x058c  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS             C:\Windows\system32\vssvc.exe
19:41:03.0687 0x058c  VSS - ok
19:41:03.0702 0x058c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:41:03.0702 0x058c  vwifibus - ok
19:41:03.0765 0x058c  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:41:03.0780 0x058c  vwififlt - ok
19:41:03.0812 0x058c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
19:41:03.0827 0x058c  W32Time - ok
19:41:03.0874 0x058c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:41:03.0874 0x058c  WacomPen - ok
19:41:03.0936 0x058c  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:41:03.0936 0x058c  WANARP - ok
19:41:03.0936 0x058c  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:41:03.0952 0x058c  Wanarpv6 - ok
19:41:04.0030 0x058c  [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine        C:\Windows\system32\wbengine.exe
19:41:04.0061 0x058c  wbengine - ok
19:41:04.0124 0x058c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:41:04.0124 0x058c  WbioSrvc - ok
19:41:04.0170 0x058c  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6, 0805471A57DDF1974F3F7B36B0DD843731C608D10A1C00B01E6E9D0460098E1A ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:41:04.0170 0x058c  wcncsvc - ok
19:41:04.0202 0x058c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:41:04.0202 0x058c  WcsPlugInService - ok
19:41:04.0248 0x058c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:41:04.0248 0x058c  Wd - ok
19:41:04.0295 0x058c  [ A840213F1ACDCC175B4D1D5AAEAC0D7A, B20F7CAEEA790290072BC170EBEEADB4C19E1C40DB0B3FE0D4A640D0D82300D6 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:41:04.0311 0x058c  Wdf01000 - ok
19:41:04.0326 0x058c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:41:04.0342 0x058c  WdiServiceHost - ok
19:41:04.0358 0x058c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:41:04.0358 0x058c  WdiSystemHost - ok
19:41:04.0404 0x058c  [ BB5EC38F8D4600119B4720BC5D4211F1, F04F823A9FE77704F38D773C7350C71727C5E3309CD1EC754519C826A4599476 ] WebClient       C:\Windows\System32\webclnt.dll
19:41:04.0404 0x058c  WebClient - ok
19:41:04.0436 0x0200  Object send P2P result: false
19:41:04.0436 0x0200  Object required for P2P: [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc
19:41:04.0436 0x058c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:41:04.0451 0x058c  Wecsvc - ok
19:41:04.0498 0x058c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:41:04.0498 0x058c  wercplsupport - ok
19:41:04.0560 0x058c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
19:41:04.0560 0x058c  WerSvc - ok
19:41:04.0638 0x058c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:41:04.0638 0x058c  WfpLwf - ok
19:41:04.0685 0x058c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:41:04.0685 0x058c  WIMMount - ok
19:41:04.0794 0x058c  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:41:04.0810 0x058c  WinDefend - ok
19:41:04.0810 0x058c  WinHttpAutoProxySvc - ok
19:41:04.0872 0x058c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:41:04.0872 0x058c  Winmgmt - ok
19:41:04.0950 0x058c  [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM           C:\Windows\system32\WsmSvc.dll
19:41:04.0966 0x058c  WinRM - ok
19:41:05.0060 0x058c  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:41:05.0060 0x058c  WinUsb - ok
19:41:05.0153 0x058c  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C, 235C7A41425846EFE4966490EB7F72AA768B3FE1665843BF58520DDBD6822A74 ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
19:41:05.0153 0x058c  WisLMSvc - ok
19:41:05.0200 0x058c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:41:05.0216 0x058c  Wlansvc - ok
19:41:05.0278 0x058c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:41:05.0278 0x058c  WmiAcpi - ok
19:41:05.0325 0x058c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:41:05.0325 0x058c  wmiApSrv - ok
19:41:05.0465 0x058c  [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:41:05.0481 0x058c  WMPNetworkSvc - ok
19:41:05.0512 0x058c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:41:05.0528 0x058c  WPCSvc - ok
19:41:05.0543 0x058c  [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:41:05.0559 0x058c  WPDBusEnum - ok
19:41:05.0637 0x0764  Object send P2P result: false
19:41:05.0637 0x0764  Object required for P2P: [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20
19:41:05.0637 0x058c  Wpm - ok
19:41:05.0684 0x058c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:41:05.0684 0x058c  ws2ifsl - ok
19:41:05.0715 0x058c  [ A661A76333057B383A06E65F0073222F, B25AEC2B668C61F2E1C6F7AD27706EE10F8B04F09B5D069784131A6B8B5DF570 ] wscsvc          C:\Windows\system32\wscsvc.dll
19:41:05.0715 0x058c  wscsvc - ok
19:41:05.0730 0x058c  WSearch - ok
19:41:05.0808 0x058c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:41:05.0855 0x058c  wuauserv - ok
19:41:05.0886 0x058c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:41:05.0886 0x058c  WudfPf - ok
19:41:05.0933 0x058c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:41:05.0933 0x058c  WUDFRd - ok
19:41:06.0011 0x058c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:41:06.0011 0x058c  wudfsvc - ok
19:41:06.0058 0x058c  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:41:06.0074 0x058c  WwanSvc - ok
19:41:06.0152 0x058c  [ 1F93FCB5BAB3A921ECBA522F63586F4A, 0340B73DBC953B50572666EC603E87F253B9CEB9B0489A441A6A2171A04595D8 ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
19:41:06.0152 0x058c  X10Hid - ok
19:41:06.0276 0x058c  [ 5A0C788C5BC5F2C993CB60940ADCF95E, FEEC158466040A6528E7FC8D33706B50D2F03479E0B62DF8F06B69A1A850A9FB ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
19:41:06.0276 0x058c  x10nets - ok
19:41:06.0339 0x058c  [ 378DC1B0B1F62A7488EE8D31A3C6E949, 8334CBC479797DC82551D38DFF1AEF5E41E4C6427D410C633DECC95C4FB84C0E ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
19:41:06.0339 0x058c  XUIF - ok
19:41:06.0432 0x058c  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8, 967B7FA83171485DA1EEF51DB2A21FD17DFB4846E1F700C83E516BD40A542DCA ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
19:41:06.0432 0x058c  Yontoo Desktop Updater - ok
19:41:06.0479 0x058c  ================ Scan global ===============================
19:41:06.0510 0x058c  [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
19:41:06.0557 0x058c  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
19:41:06.0573 0x058c  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
19:41:06.0604 0x058c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
19:41:06.0651 0x058c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
19:41:06.0651 0x058c  [ Global ] - ok
19:41:06.0666 0x058c  ================ Scan MBR ==================================
19:41:06.0666 0x058c  [ 7827CE22D5B6A2E3FA5111270DD20242 ] \Device\Harddisk0\DR0
19:41:07.0946 0x059c  Object send P2P result: false
19:41:07.0946 0x059c  Object required for P2P: [ 2226496E34BD40734946A054B1CD657F ] NlaSvc
19:41:09.0100 0x058c  \Device\Harddisk0\DR0 - ok
19:41:09.0100 0x058c  ================ Scan VBR ==================================
19:41:09.0100 0x058c  [ B0D5A8FBF3D19023AA16814C187EBAFB ] \Device\Harddisk0\DR0\Partition1
19:41:09.0100 0x058c  \Device\Harddisk0\DR0\Partition1 - ok
19:41:09.0100 0x058c  [ 94A25F0864972491B870D83B6C2142C2 ] \Device\Harddisk0\DR0\Partition2
19:41:09.0116 0x058c  \Device\Harddisk0\DR0\Partition2 - ok
19:41:09.0131 0x058c  [ E07850F3D6AF56E0D1116A7339A3B2DB ] \Device\Harddisk0\DR0\Partition3
19:41:09.0131 0x058c  \Device\Harddisk0\DR0\Partition3 - ok
19:41:09.0162 0x058c  ================ Scan generic autorun ======================
19:41:09.0552 0x058c  [ 1FF6220D9CBFAC929E62ADA893C9F357, 9117852465969A9B12D364CCF51A8026BC3D8BA5D2B82212CAF7157E2D577AB7 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
19:41:09.0880 0x058c  RtHDVCpl - ok
19:41:09.0958 0x058c  [ C8215BBCA8F3E0E2A1B18C9BB51C042B, EEF2C61178DE052EA4AD7CF0106439CA17B212BAF53A2D3FA4C0169A26A15E3B ] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
19:41:09.0989 0x058c  RtHDVBg - ok
19:41:10.0005 0x058c  [ 8D2851FC8807D456319C721AE3809824, 3AB40A5538C04CC536523E1AB890BBD4BA648134BB594B852EB8434DCE80632C ] C:\Program Files\Launch Manager\HotkeyApp.exe
19:41:10.0020 0x058c  HotkeyApp - ok
19:41:10.0052 0x058c  [ DFA1067EA4157BCCCFD48F052066A076, 5E5B60C20CFF1F3F9D45588B0E0AEB59C3F4C11089CCB52AA92890773BAA081F ] C:\Program Files\Launch Manager\OSD.exe
19:41:10.0067 0x058c  LMgrVolOSD - ok
19:41:10.0114 0x058c  [ 94D2739E7F421BC0EE0B32387B78B619, D7835E81FD08EBBFBDF44712D48CBF4311A89FF505ADD4DF4ECC46A2ECCD6F1B ] C:\Program Files\Launch Manager\Wbutton.exe
19:41:10.0130 0x058c  Wbutton - ok
19:41:10.0286 0x058c  [ B2D2DB4C716665691816C77557AD685C, F8B919FED0B4E979DC3F39578D59CFB2D984AFBDD67A6A4D850F71930C28016D ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
19:41:10.0317 0x058c  SynTPEnh - ok
19:41:10.0364 0x058c  [ 51C8885B6A00904C0252704C9FB0F43A, BF2F58E6697DB10F3D6FB3859FADC2CE1D3CDD318E487E02FDC2BE171AF6CA29 ] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
19:41:10.0364 0x058c  NUSB3MON - ok
19:41:10.0410 0x058c  [ 69CAF0A923235ABD9887ED9CB9553CA4, CCACFE2B0A3992DEA56D92EC03E7CCD3F9FDE4A3FE240C2B2CFAF1095108261D ] C:\Windows\system32\igfxtray.exe
19:41:10.0426 0x058c  IgfxTray - ok
19:41:10.0442 0x058c  [ BD42EF6D8566CA5E46563C0103FF1875, 1D1B19ECB98C89298CC347F3AB969BA1108A4DA10BD830CDA934A618F81BAF95 ] C:\Windows\system32\hkcmd.exe
19:41:10.0442 0x058c  HotKeysCmds - ok
19:41:10.0520 0x058c  [ 48584955B0CE8545BB31CF0D4459E525, D65DF3C4E1DE39DCF3AD3C48C2560C538CB2C47D6EE7E94BD15484214B186433 ] C:\Windows\system32\igfxpers.exe
19:41:10.0520 0x058c  Persistence - ok
19:41:10.0566 0x058c  [ F8DBB32041336A94C676E6B70F759993, 5DD10E2696616F18A88526B06899C1874243BF2BF674F19C86228B975BCD9C1E ] C:\Program Files\QuickTime\qttask.exe
19:41:10.0566 0x058c  QuickTime Task - ok
19:41:10.0722 0x058c  [ F99ACEE528FE94E1BB7CCB6EF0E0A47C, FB5096E6AD83ACAA362EF56F61BDA0BD831E09FCE49482A5E905F5BCDB4172BC ] C:\Program Files\Ask.com\Updater\Updater.exe
19:41:10.0754 0x058c  ApnUpdater - ok
19:41:10.0785 0x058c  MRT - ok
19:41:10.0847 0x058c  [ D267C1A121EB3B2772FE7B199008F2EF, BE9675B15EE21DC02022A695ED191B2ABC63ABC8164713ACDB34E06D1E692D85 ] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
19:41:10.0863 0x058c  tvjbmonitor - ok
19:41:10.0925 0x058c  [ 32133F73425463751C97FFD908AAF3DC, CB35F16442CEFC0026D2E68EAE15D32158F22C7D0E51D16A5D7A4FFF919C4E08 ] C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe
19:41:10.0925 0x058c  Malwarebytes Anti-Rootkit (cleanup) - ok
19:41:11.0034 0x058c  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
19:41:11.0066 0x058c  Sidebar - ok
19:41:11.0128 0x058c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
19:41:11.0128 0x058c  mctadmin - ok
19:41:11.0222 0x058c  [ 522D7C043890F3D27D56548871959D9C, 7D77AD83AF781336C5F30C073F99EA6669F27832A3198055B7432FE16CA3FC37 ] C:\Windows\Web\Wallpaper\MEDION\start.vbs
19:41:11.0222 0x058c  Screensaver - ok
19:41:11.0253 0x058c  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\sidebar.exe
19:41:11.0268 0x058c  Sidebar - ok
19:41:11.0300 0x058c  [ 5C42A1C410C1EA4D71B655D3B05D3181, 31D6C507D2220617D9789AF2B8A799C4E26E9C17A2F6429DB8AE4E96CE5CE360 ] C:\Windows\Speech\Common\sapisvr.exe
19:41:11.0315 0x058c  Speech Recognition - ok
19:41:11.0424 0x058c  [ 0C85B24C059C0614AA506D15C9A7978D, D0A66F2B3A72065F1ED323ABEC37EA02433B7CD566D01E6E8DC1E032C81BBD4D ] C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe
19:41:11.0424 0x058c  Yontoo Desktop - ok
19:41:12.0111 0x058c  [ 58920E6A409046BA06548D9D139CE0F0, 73FB33F5A76A3445C494482D520448EE02C0B1B7D3DD2E97BE3A9B15F89C5911 ] C:\Program Files\Skype\Phone\Skype.exe
19:41:12.0750 0x058c  Skype - ok
19:41:12.0782 0x058c  Waiting for KSN requests completion. In queue: 247
19:41:13.0796 0x058c  Waiting for KSN requests completion. In queue: 247
19:41:14.0810 0x058c  Waiting for KSN requests completion. In queue: 247
19:41:15.0824 0x058c  Waiting for KSN requests completion. In queue: 247
19:41:16.0838 0x058c  Waiting for KSN requests completion. In queue: 247
19:41:17.0696 0x0598  Object send P2P result: false
19:41:17.0727 0x0694  Object send P2P result: false
19:41:17.0727 0x0694  Object required for P2P: [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService
19:41:17.0852 0x058c  Waiting for KSN requests completion. In queue: 226
19:41:18.0039 0x05f0  Object send P2P result: false
19:41:18.0866 0x058c  Waiting for KSN requests completion. In queue: 209
19:41:19.0583 0x076c  Object send P2P result: false
19:41:19.0880 0x058c  Waiting for KSN requests completion. In queue: 199
19:41:20.0894 0x058c  Waiting for KSN requests completion. In queue: 199
19:41:21.0908 0x058c  Waiting for KSN requests completion. In queue: 199
19:41:22.0922 0x058c  Waiting for KSN requests completion. In queue: 199
19:41:23.0936 0x058c  Waiting for KSN requests completion. In queue: 199
19:41:24.0450 0x0200  Object send P2P result: false
19:41:24.0950 0x058c  Waiting for KSN requests completion. In queue: 192
19:41:25.0652 0x0764  Object send P2P result: false
19:41:25.0964 0x058c  Waiting for KSN requests completion. In queue: 175
19:41:26.0978 0x058c  Waiting for KSN requests completion. In queue: 175
19:41:27.0960 0x059c  Object send P2P result: false
19:41:27.0960 0x059c  Object required for P2P: [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy
19:41:27.0992 0x058c  Waiting for KSN requests completion. In queue: 172
19:41:29.0006 0x058c  Waiting for KSN requests completion. In queue: 172
19:41:30.0020 0x058c  Waiting for KSN requests completion. In queue: 36
19:41:31.0034 0x058c  Waiting for KSN requests completion. In queue: 36
19:41:32.0048 0x058c  Waiting for KSN requests completion. In queue: 36
19:41:33.0062 0x058c  Waiting for KSN requests completion. In queue: 36
19:41:34.0076 0x058c  Waiting for KSN requests completion. In queue: 15
19:41:35.0090 0x058c  Waiting for KSN requests completion. In queue: 15
19:41:36.0104 0x058c  Waiting for KSN requests completion. In queue: 15
19:41:36.0993 0x0694  Object send P2P result: true
19:41:36.0993 0x0694  Object required for P2P: [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus
19:41:37.0118 0x058c  Waiting for KSN requests completion. In queue: 14
19:41:38.0132 0x058c  Waiting for KSN requests completion. In queue: 14
19:41:39.0146 0x058c  Waiting for KSN requests completion. In queue: 14
19:41:40.0160 0x058c  Waiting for KSN requests completion. In queue: 14
19:41:40.0409 0x059c  Object send P2P result: true
19:41:41.0174 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:42.0188 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:43.0202 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:44.0216 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:45.0230 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:46.0244 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:47.0258 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:48.0272 0x058c  Waiting for KSN requests completion. In queue: 3
19:41:48.0365 0x0694  Object send P2P result: true
19:41:49.0520 0x058c  Win FW state via NFP2: enabled
19:41:59.0348 0x058c  ============================================================
19:41:59.0348 0x058c  Scan finished
19:41:59.0348 0x058c  ============================================================
19:41:59.0348 0x0688  Detected object count: 0
19:41:59.0348 0x0688  Actual detected object count: 0
         
LG Nailimixam

Alt 07.02.2015, 21:54   #7
sunjojo
/// Malwareteam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Na also, das sieht doch schonmal besser aus. Aber meine Vermutungen haben sie bestätigt. Du hattest dir ein Rootkit und einen Bankingtrojaner eingefangen (als Hauptproblem).

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.
Teile mir also mit, wie du dich entschieden hast.

Wenn du dich für eine weitere Bereinigung (und nochmal: wir haben gute Chancen den Rechner wieder sauber zu bekommen) entscheidest, solltest du auf jeden Fall am Ende der Bereinigung deine Passwörter ändern oder jetzt schon von einem anderen Rechner, bei dem du dir sicher bist, dass er ohne Malware ist. Des weiteren solltest du nichts weiter am Rechner machen.

Probiere im normalen Modus zu starten. Falls das ohne Probleme funktioniert, führe direkt Schritt 1 aus. Wenn die explorer.exe wieder abstürzt, versuche über den Taskmanager die explorer.exe manuell zu starten. Dafür öffnest du den Taskmanager -> Neuer Task ... -> und gibts einfach explorer.exe ein. Falls diese sofort wieder abstürzt, wechsle wieder in den abgesicherten Modus mit Netzwerktreibern und führe folgenden Schritt aus:


Schritt 1
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.


Poste folgende Logfiles in deiner nächsten Antwort:
  • FRST.txt
__________________
Gruß,

Jonas

Alt 08.02.2015, 12:46   #8
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hey Jonas,
Also ich hätte kein Problem mit dem Fortfahren der Bereinigung, da ich noch nie Onlinebanking mit diesem PC gemacht habe (wegen der ganzen Werbung) und alle meine Daten eh schon gesichert habe und auch keine "sensiblen" Daten hier gespeichert habe.
Eine Neuinstallation käme mir sogar ganz recht, da ich eh mal meine ganzen alten Programme entfernt haben wollte und nochmal alles neu einstellen wollte.
Internet Explorer und Firefox funktionieren im normalen Modus.

Hier ist der FRST log:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Emily (administrator) on EMILY-PC on 08-02-2015 12:36:04
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\score.exe
() C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe
(app) C:\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(Systweak) C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Yontoo LLC) C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
Failed to access process -> WMIADAP.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [96303304 2014-08-15] (Microsoft Corporation)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1757648 2014-02-08] (APN)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Yontoo Desktop] => C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.38\OptProLauncher.exe [148024 2015-02-02] (PC Utilities Software Limited)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-08-22] (Microsoft Corporation)
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}\setup.exe (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.calcitapp.info/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402691963&from=wpm0612&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DB5647D9A3684441AA70332AE49C6722 URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0100161247274674&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=58&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1E6B00262DC151E5&affID=119357&tsp=5019
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407142894&from=tugs&uid=SAMSUNGXHM641JI_S2BEJDRZ802869&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {4EEBDE03-4A52-43BC-A88B-B93E1A516942} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=^8Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=cabddbfa-b761-46ae-9501-77a247c4e860&apn_sauid=A0B9820A-406E-4682-A081-17EC3CD212F6
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: RegULArDeeaals -> {A63F6A27-6960-FFE7-5313-A90C10BAD43D} -> C:\ProgramData\RegULArDeeaals\2Ki.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual DJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\AskPartnerNetwork\Toolbar\VDJ\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
BHO: cosstminn -> {F0957C89-1479-61BB-1BCF-C64ED7C8EDC8} -> C:\Program Files\cosstminn\Znza9uVUEX.dll ()
Toolbar: HKLM - Virtual DJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\AskPartnerNetwork\Toolbar\VDJ\Passport.dll (APN LLC.)
Toolbar: HKU\.DEFAULT -> Virtual DJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\AskPartnerNetwork\Toolbar\VDJ\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M8B3EBCF0-BAA5-43B8-B948-2C69263B8CEC&SearchSource=55&CUI=&UM=2&UP=SP790D4A11-CE81-431E-8CDB-ACC2CFB691EB&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Fast Start - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\faststartff@gmail.com [2014-08-04]
FF Extension: Delta Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\ffxtlbr@delta.com [2013-09-25]
FF Extension: Browsers Apps - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\herman.thorne45@outlook.com [2015-02-08]
FF Extension: No Name - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com [2013-11-15]
FF Extension: shortcut - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\shortcutff@gmail.com [2014-08-04]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07]
FF Extension: Search-Results Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-01]
FF Extension: Iminent - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi [2014-08-12]
FF Extension: superfish - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\jid1-tce47bzfSrBDXQ@jetpack.xpi [2014-08-15]
FF Extension: PricePeep - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-11-05]
FF Extension: Virtual DJ Toolbar - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com.xpi [2014-02-14]
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\shortcutff@gmail.com
FF HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Re-\x6d\x61rkit) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2013-11-15]
CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg [2014-08-04]
CHR Extension: (No Name) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-09-28]
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Emily\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx [2013-06-11]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Emily\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-25]
CHR HKLM\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Emily\AppData\Roaming\zulagames\zulagames.crx [2013-07-01]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] ()
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-28] (BonanzaDeals)
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-04] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
R2 scores; C:\Windows\score.exe [4816384 2014-07-30] () [File not signed]
R2 servervo; C:\Users\Emily\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-04] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
R2 Yontoo Desktop Updater; C:\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-02-02] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech                  )
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X]
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S0 rjaty; System32\drivers\imofugc.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:38 - 2015-02-08 12:38 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-08 12:37 - 2015-02-08 12:37 - 00000000 ____D () C:\9bcd6e346a1d0ed7c539f55b
2015-02-08 12:33 - 2015-02-08 12:33 - 00001065 _____ () C:\Users\Emily\Desktop\Optimizer Pro.lnk
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Optimizer Pro
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\APN
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38
2015-02-08 12:33 - 2015-02-08 12:33 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-02-08 12:32 - 2015-02-08 12:32 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5
2015-02-07 19:09 - 2015-02-07 19:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Emily\Desktop\tdsskiller.exe
2015-02-07 17:29 - 2015-02-08 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-07 17:29 - 2015-02-07 17:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 17:29 - 2015-02-07 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 17:27 - 2015-02-07 19:47 - 00000000 ____D () C:\Users\Emily\Desktop\mbar
2015-02-07 17:27 - 2015-02-07 17:53 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 17:24 - 2015-02-07 17:24 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Emily\Desktop\mbar-1.08.3.1004.exe
2015-02-07 12:21 - 2015-02-07 12:21 - 00158779 _____ () C:\Users\Emily\Desktop\Combofix.txt
2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt
2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp
2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox
2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt
2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe
2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys
2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP
2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp
2015-02-06 22:48 - 2015-02-06 22:48 - 00003003 _____ () C:\Users\Emily\Desktop\gmer.txt
2015-02-06 22:34 - 2015-02-06 22:34 - 00043603 _____ () C:\Users\Emily\Desktop\Addition.txt
2015-02-06 22:33 - 2015-02-08 12:36 - 00000000 ____D () C:\FRST
2015-02-06 22:32 - 2015-02-06 22:33 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme
2015-02-06 22:30 - 2015-02-06 22:30 - 00000472 _____ () C:\Users\Emily\Desktop\defogger_disable.log
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable
2015-02-06 22:01 - 2015-02-06 22:01 - 00000000 ____D () C:\Program Files\WaIntEnhance
2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8
2015-02-06 20:07 - 2015-02-06 20:07 - 00000000 ____D () C:\ProgramData\Systweak
2015-02-06 19:58 - 2015-02-08 12:36 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme
2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:52 - 2015-02-06 19:52 - 00009736 ____N () C:\bootsqm.dat
2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000
2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}
2015-02-06 19:45 - 2015-02-06 19:45 - 00000000 ____D () C:\Users\Emily\AppData\Local\SearchProtect
2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:38 - 2011-04-28 20:27 - 01679154 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 12:35 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 12:34 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype
2015-02-08 12:32 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-08 11:32 - 2013-02-25 14:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Yontoo
2015-02-08 11:30 - 2014-08-04 10:04 - 00002066 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-4.job
2015-02-08 11:29 - 2014-08-04 10:04 - 00003110 _____ () C:\Windows\Tasks\630346e9-1d7d-4aa1-b264-7e5276cba78a.job
2015-02-08 11:29 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5_user.job
2015-02-08 11:29 - 2014-08-04 10:04 - 00002082 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-5.job
2015-02-08 11:29 - 2014-08-04 10:04 - 00001582 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-1.job
2015-02-08 11:29 - 2014-08-04 10:04 - 00001360 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-2.job
2015-02-08 11:29 - 2014-08-04 10:04 - 00001284 _____ () C:\Windows\Tasks\4503c635-3e57-4083-ab3f-d96f93597eb9.job
2015-02-08 11:29 - 2014-08-04 10:03 - 00003792 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-11.job
2015-02-08 11:29 - 2014-08-04 10:03 - 00003110 _____ () C:\Windows\Tasks\6b1b9178-2152-4f31-89ec-d1c64de256da-3.job
2015-02-08 11:29 - 2014-08-04 10:03 - 00000874 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-08 11:29 - 2013-11-15 18:24 - 00001284 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job
2015-02-08 11:29 - 2013-11-15 18:24 - 00001086 _____ () C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2015-02-08 11:29 - 2013-11-15 18:23 - 00001186 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2015-02-08 11:29 - 2013-11-15 18:22 - 00001882 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2015-02-08 11:29 - 2013-11-15 18:22 - 00001806 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2015-02-08 11:29 - 2013-11-15 18:22 - 00000328 _____ () C:\Windows\Tasks\dsmonitor.job
2015-02-08 11:29 - 2013-09-28 14:20 - 00000908 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2015-02-08 11:29 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 11:29 - 2009-07-14 05:39 - 00088922 _____ () C:\Windows\setupact.log
2015-02-07 17:49 - 2010-07-07 19:31 - 00048408 _____ () C:\Windows\PFRO.log
2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie
2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed
2015-02-07 17:41 - 2014-08-12 10:57 - 00000000 ____D () C:\Program Files\Supporter
2015-02-07 12:07 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox
2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak
2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-02-07 11:49 - 2014-08-04 10:00 - 00000000 ____D () C:\Program Files\Probit Software
2015-02-07 11:49 - 2013-02-01 20:34 - 00000000 ____D () C:\Program Files\Search Results Toolbar
2015-02-07 11:47 - 2014-06-13 21:39 - 00000000 ____D () C:\Program Files\SupTab
2015-02-07 11:47 - 2013-09-25 16:37 - 00000000 ____D () C:\Program Files\Zula Games
2015-02-07 11:47 - 2013-09-25 16:37 - 00000000 ____D () C:\Program Files\Speed Analysis 2
2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-06 22:58 - 2014-09-05 14:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\InetStat
2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2015-02-06 22:58 - 2014-08-04 10:02 - 00000000 ____D () C:\Program Files\PepperZip
2015-02-06 22:58 - 2014-06-13 21:40 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\337Games
2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0
2015-02-06 22:58 - 2013-11-15 18:21 - 00000000 ____D () C:\Program Files\Plus-HD-1.3
2015-02-06 22:58 - 2013-11-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2015-02-06 22:58 - 2013-11-15 17:19 - 00000000 ____D () C:\Program Files\Advanced System Protector
2015-02-06 22:58 - 2013-09-28 14:19 - 00000000 ____D () C:\Program Files\BonanzaDeals
2015-02-06 22:58 - 2013-09-25 16:39 - 00000000 ____D () C:\Program Files\77zip
2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft
2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-02-06 22:58 - 2013-02-25 14:01 - 00000000 ____D () C:\Program Files\Yontoo
2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie
2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-06 22:57 - 2013-11-15 17:18 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Systweak
2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills
2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend
2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media
2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache
2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios
2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack
2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily
2015-02-06 22:00 - 2014-05-02 15:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 21:39 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp

==================== Files in the root of some directories =======

2014-08-04 11:14 - 2014-08-04 11:14 - 0000314 _____ () C:\Users\Emily\AppData\Roaming\aps.uninstall.scan.results
2013-09-25 16:37 - 2013-09-25 16:36 - 0030894 _____ () C:\Users\Emily\AppData\Roaming\speedanalysis.ico
2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png
2013-09-28 16:08 - 2014-08-22 21:24 - 0000182 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT
2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

Some content of TEMP:
====================
C:\Users\Emily\AppData\Local\temp\optprosetup.exe
C:\Users\Emily\AppData\Local\temp\setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 06:23

==================== End Of Log ============================
         
--- --- ---



LG Nailimixam

Geändert von Nailimixam (08.02.2015 um 12:56 Uhr)

Alt 08.02.2015, 14:49   #9
sunjojo
/// Malwareteam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Ok, alles klar, dann machen wir weiter mit der Bereinigung . Wir kümmern uns jetzt um die ganze Werbung und die unnötigen Programme auf deinem Rechner.


Schritt 1
Bitte deinstalliere folgende Programme:
  • 337 GAMES
  • Advanced System Protector
  • Ask Toolbar
  • Bonanza Deals (remove only)
  • Browsers Apps
  • cosstminn
  • Delta Chrome Toolbar
  • Delta toolbar
  • iLivid
  • NewPlayer
  • PepperZip 1.0
  • Plus-HD-1.3
  • PricePeep
  • RegULArDeeaals
  • Remote Desktop Access (VuuPC)
  • Search Protect
  • Search-Results Toolbar
  • Speed Analysis 2
  • Supporter 1.80
  • SupTab
  • webssearches uninstall
  • Yontoo 2.04
Gehe dafür auf:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Starte noch einmal FRST.
  • Setze einen Haken bei Addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.


Poste folgende Logfiles in deiner nächsten Antwort:
  • AdwCleaner[Sx].txt
  • mbam.txt
  • FRST.txt und Addition.txt
__________________
Gruß,

Jonas

Alt 09.02.2015, 20:14   #10
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hey Jonas,
Hier die gewünschten Files:
AdwCleaner.txt:
Code:
ATTFilter
# AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 20:19:14
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium  (x86)
# Benutzername : Emily - EMILY-PC
# Gestarted von : C:\Users\Emily\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : APNMCP
[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : IePluginServices
Dienst Gelöscht : Scores
[#] Dienst Gelöscht : SPPD
Dienst Gelöscht : Wpm
Dienst Gelöscht : Yontoo Desktop Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\wincert
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\cosstminn
Ordner Gelöscht : C:\ProgramData\RegULArDeeaals
Ordner Gelöscht : C:\ProgramData\f37bce10b200aa81
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Ordner Gelöscht : C:\Program Files\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Program Files\predm
Ordner Gelöscht : C:\Program Files\Probit Software
Ordner Gelöscht : C:\Program Files\Search Results Toolbar
Ordner Gelöscht : C:\Program Files\Speed Analysis 2
Ordner Gelöscht : C:\Program Files\supporter
Ordner Gelöscht : C:\Program Files\SupTab
Ordner Gelöscht : C:\Program Files\Uniblue
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\Program Files\77zip
Ordner Gelöscht : C:\Program Files\cosstminn
Ordner Gelöscht : C:\Program Files\RegULArDeeaals
Ordner Gelöscht : C:\Program Files\Browsers Apps
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Emily\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Emily\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Emily\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Emily\AppData\Local\torch
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Genesis_08040900
Ordner Gelöscht : C:\Users\Emily\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Emily\AppData\LocalLow\Feven 1.5
Ordner Gelöscht : C:\Users\Emily\AppData\LocalLow\ilividtoolbarguid
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\0D0S1L2Z1P1B
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\337Games
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\SpeedAnalysis2
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Yontoo
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\zulagames
Ordner Gelöscht : C:\Users\Emily\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\faststartff@gmail.com
[!] Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com
[!] Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\pricepeep@getpricepeep.com.xpi
Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\shortcutff@gmail.com
[!] Ordner Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com.xpi
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg
Ordner Gelöscht : C:\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\toolbar@ask.com.xpi
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\score.exe
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\speedanalysis.ico
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
Datei Gelöscht : C:\Users\Emily\Desktop\Optimizer Pro.lnk
Datei Gelöscht : C:\Users\UpdatusUser\Desktop\NewPlayer.lnk
Datei Gelöscht : C:\Users\UpdatusUser\Desktop\PepperZip.lnk
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\invalidprefs.js
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\delta.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\delta-homes.xml
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\searchplugins\trovi-search.xml

***** [ Geplante Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : BitGuard
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA
Task Gelöscht : DigitalSite
Task Gelöscht : dsmonitor
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : 4503c635-3e57-4083-ab3f-d96f93597eb9
Task Gelöscht : 630346e9-1d7d-4aa1-b264-7e5276cba78a
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-1
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-11
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-2
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-3
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-4
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-5
Task Gelöscht : 6b1b9178-2152-4f31-89ec-d1c64de256da-5_user

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Emily\Desktop\Emilys Programme\Internet.lnk
Verknüpfung Desinfiziert : C:\Users\Emily\Desktop\Emilys Programme\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [shortcutff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.BackgroundHostObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.BackgroundHostObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Navbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Navbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zula Games.Tool.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RegularDealS.RegularDealS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RegularDealS.RegularDealS.7.2
Schlüssel Gelöscht : HKCU\Software\5a53d88bb36fbd44
Schlüssel Gelöscht : HKLM\SOFTWARE\5a53d88bb36fbd44
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A63F6A27-6960-FFE7-5313-A90C10BAD43D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172287}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB30FEA7-5866-406A-B47D-FB69E1AF8FD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A63F6A27-6960-FFE7-5313-A90C10BAD43D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A63F6A27-6960-FFE7-5313-A90C10BAD43D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A63F6A27-6960-FFE7-5313-A90C10BAD43D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45b4500a-39d4-4ebc-9962-0545df943550}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8dd9758c-0b65-462d-9a44-0cf3f531b65e}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DB5647D9A3684441AA70332AE49C6722
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4EEBDE03-4A52-43BC-A88B-B93E1A516942}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\Conduit
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\FreeSoftToday
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\ilividtoolbarguid
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\usyndication.com
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\Easy Speed Check
Schlüssel Gelöscht : HKCU\Software\USyndication
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Browsers Apps
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PricePeep
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re-Markable
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\aartemisSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\SOFTWARE\Browsers Apps
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\delta-homesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\do-searchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\iLividSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\NewPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsers Apps
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\77zip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\do-search.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getwebcake.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.5CKUJzh324.url", "hxxp://webterminall.in/sync2/?q=hfZ9oehUBeCHtNbPhd98rdkEtMqLDe49CNU0mwkMCMlNhd9Fqda5rjUFpds9qjkMBzqUojw9rdYGrTsErTn8qih7hfs0pihPBMn0qTn6rTg4qja4qGhHC7n0rHY6rTn4[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119556&babsrc=NT_ss&mntrId=1e6b7ca500000000000000262dc151e5");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.InstallDir", "\"C:\\\\Program Files\\\\Ask.com\\\\\"");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.domain", "\"www.search.ask.com\"");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.hpr_ff", "\"hxxp://www.search.ask.com/?l=dis&o=41647959&gct=hp\"");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VDJ.hpr_ie", "\"hxxp://www.search.ask.com/?l=dis&o=41647959&gct=hp\"");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.__ICM_DOWNLOADS__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22ant[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropo[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%22%2C%22pctool[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aUNGEDRJW444405LS70886362com62034.62034.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropolog[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%22%2C%22pctools.c[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%2[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "1425ccb13f1d0aa3b57aea8cc57951a4");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.admin", false);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.aflt", "babsst");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.bbDpng", "8");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.cntry", "DE");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.dfltLng", "de");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.excTlbr", false);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.hdrMd5", "90FF83F56705D71C495128BD82D05FAF");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.id", "1e6b7ca500000000000000262dc151e5");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlDay", "15976");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlRef", "sst");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.615:20:26");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.newTab", false);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prdct", "delta");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.rvrt", "false");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.sg", "azb");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.smplGrp", "azb");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrId", "base");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.615:20:26");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babExt", "");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=5019");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "pricepeep%40getpricepeep.com:2.2.0.4,shortcutff%40gmail.com:1.6.0,faststartff%40gmail.com:4.3.0,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.12,firefoxmini%4[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.installId", "c1bb0691-71c5-47cd-9b3a-9530dc74b7b8");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.LayoutId", "1");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.00339711,\"s\":0,\"es\":3}");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.adapters", "{\"australianbrewingcompany\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"1386689055141259200\"},\"systweak\":{\"CountryCode\":\"DE\",\"NoAds\"[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"urlhxxps\[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCt8K4wrfCsMKywrHCtsKx\",\"raw_pkgid\":\"169613070\"}");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42    \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCt8K4wrfCsMKywrHCtsKx");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.registerToolbarEvent101", "1400167150932");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.registerToolbarEvent102", "1400167183859");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts1", "1399570857046");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts13", "1423420152471");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts14", "1423304860998");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts15", "1423304860788");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts16", "1423420135236");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts2", "1399570857156");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts3", "1399570857427");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts4", "1402590586856");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts6", "1408471717351");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts7", "1408472359657");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts8", "1405518299039");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackExternalScripts9", "1423304860101");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.version", "9.6.2.1");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"9.6.2.1\",\"InstallEventCTime\":1423420096731,\"InstallEvent\":\"True\"}");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1369839517075");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1369834640587");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1370272634962");
[o792a2zw.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1369839013014");

-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [51572 Bytes] - [08/02/2015 20:17:02]
AdwCleaner[S0].txt - [51733 Bytes] - [08/02/2015 20:19:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [51793  Bytes] ##########
         
mbam.txt:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.02.2015
Suchlauf-Zeit: 18:20:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.09.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Emily

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 419371
Verstrichene Zeit: 9 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.OptimizerPro, C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}\setup.exe, 4036, Löschen bei Neustart, [e587b7657119b6803e679b7f7092e11f]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 14
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [a6c633e9c2c8f442258dbe48cc37a55b], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [a6c633e9c2c8f442258dbe48cc37a55b], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, In Quarantäne, [f17be339e6a4de5803fe38cac34001ff], 
PUP.Optional.Zulagames.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{11577C71-9E04-4A42-ACC5-9C7F240BF4FE}, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2A16BB3D-56EA-472B-A8E8-7BB49ABDB37D}, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, HKLM\SOFTWARE\CLASSES\CLSID\{D2C54F93-A898-437F-AE89-7BDD918954A5}, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1B0DA3F5-D96D-483D-8BEF-224BA1B67620}, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Zula Games, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WaIntEnhance, In Quarantäne, [373527f547430531b13f4345f013d828], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [bfade735e1a9f83ec3573ad1e025bb45], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{8df1bcd0}, In Quarantäne, [7af26cb06a200630ddb3aa033dc640c0], 
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps, In Quarantäne, [6606a379e0aa270fe13a555215ee8977], 
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [79f3bc606c1ed16515b9bf0d47bc3cc4], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3, In Quarantäne, [90dcf12b4b3fab8ba237cef647bc6997], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 23
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer, In Quarantäne, [78f417055c2e50e6a8c52c8b8b78fa06], 
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\config, In Quarantäne, [78f417055c2e50e6a8c52c8b8b78fa06], 
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\Playlists, In Quarantäne, [78f417055c2e50e6a8c52c8b8b78fa06], 
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\Snap, In Quarantäne, [78f417055c2e50e6a8c52c8b8b78fa06], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\mz, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.PlusHD.A, C:\Users\Emily\AppData\LocalLow\Plus-HD-1.3, In Quarantäne, [91db23f9d5b522145eecf066bf44c13f], 
PUP.Optional.SearchResultsTB.A, C:\Windows\System32\config\systemprofile\AppData\LocalLow\searchresultstb, In Quarantäne, [323a110b63279c9a7915f47f33d053ad], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\defaults, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\defaults\preferences, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\locale, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\locale\en-US, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 

Dateien: 164
PUP.Optional.OptimizerPro, C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}\setup.exe, Löschen bei Neustart, [e587b7657119b6803e679b7f7092e11f], 
PUP.Optional.OptimizerPro, C:\Program Files\Optimizer Pro 3.38\OptProSchedule.exe, In Quarantäne, [7def59c3a6e49a9c404f72dc768b41bf], 
PUP.Optional.OptimizerPro, C:\Program Files\Optimizer Pro 3.38\OptProSmartScan.exe, In Quarantäne, [0b6187952a6071c5ade3b797e1206c94], 
PUP.Optional.Somoto.A, C:\Users\Emily\Downloads\7ZipSetup.exe, In Quarantäne, [a4c8e13bf694a78f1a63de5a2cd42bd5], 
PUP.Optional.Conduit.A, C:\Users\Emily\Downloads\FileConverter_1.3.exe, In Quarantäne, [de8ee3396129d95d1ee01a56bd4423dd], 
PUP.Optional.RegCleanerPro, C:\Users\Emily\Downloads\rcpsetup_matomy_30679.exe, In Quarantäne, [501cd14b2367a5918308ee434ab7ee12], 
PUP.Optional.RegCleanerPro, C:\Users\Emily\Downloads\rcpsetup_softonic_new_de_pd_new.exe, In Quarantäne, [9dcf96860b7faa8cb8d37bb6e120bd43], 
PUP.Optional.Softonic, C:\Users\Emily\Downloads\SoftonicDownloader_fuer_virtual-dj-free-home-edition(1).exe, In Quarantäne, [36363ce09febbd7985cc37f452af39c7], 
PUP.Optional.Softonic, C:\Users\Emily\Downloads\SoftonicDownloader_fuer_virtual-dj-free-home-edition.exe, In Quarantäne, [c8a4b765f6945cda074ade4d748de61a], 
PUP.Optional.OptimizerPro, C:\Users\Public\E3B468852C874837A8B554A1FA9071D5\setup.exe, In Quarantäne, [600cc15b494190a67c29e139fc06d32d], 
PUP.Optional.Superfish.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\jid1-tce47bzfSrBDXQ@jetpack.xpi, In Quarantäne, [e983c557662480b69470307452b1f50b], 
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\log.txt, In Quarantäne, [78f417055c2e50e6a8c52c8b8b78fa06], 
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\config\config.ini, In Quarantäne, [78f417055c2e50e6a8c52c8b8b78fa06], 
PUP.Optional.Searchqu.A, C:\Users\Emily\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, In Quarantäne, [ee7e7ba1f793b185ce0431b66e963fc1], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\background.html, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon128.png, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\AddonsFramework.Typelib.dll, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\BackgroundHost.exe, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\BackgroundHost64.exe, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\BackgroundHostPS.dll, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\bg.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\ButtonSite.dll, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\ButtonSite64.dll, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\config.xml, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\content.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon16.png, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon18.ico, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon18.png, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon24.ico, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon24.png, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon32.ico, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon32.png, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\icon48.png, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\jquery-1.9.1.min.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\json2.min.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\uninstall.exe, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\updater.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\updaterWrapper.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\zulagames.rdf, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\mz\background.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.Zulagames.A, C:\Program Files\Zula Games\mz\content.js, In Quarantäne, [1e4e3ce07317290da8150ce2bc48f808], 
PUP.Optional.PlusHD.A, C:\Users\Emily\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p16808.dat, In Quarantäne, [91db23f9d5b522145eecf066bf44c13f], 
PUP.Optional.PlusHD.A, C:\Users\Emily\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p2300.dat, In Quarantäne, [91db23f9d5b522145eecf066bf44c13f], 
PUP.Optional.PlusHD.A, C:\Users\Emily\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p3800.dat, In Quarantäne, [91db23f9d5b522145eecf066bf44c13f], 
PUP.Optional.PlusHD.A, C:\Users\Emily\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p6504.dat, In Quarantäne, [91db23f9d5b522145eecf066bf44c13f], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome.manifest, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\install.rdf, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\2c1f8a6e50aa1c94ef60bae8aa1bf5ec.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\57e7929b45305b57d9a0de79e98c9489.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\6e95c05130ff097f160d3c57ee6ba28f.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\9a45f87ee8351a0cf83483061bd53792.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\b176883e352d26cd43db75eca3c14885.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\b292d109cfa50ec45233cee6ff5da70b.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\background.html, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\browser.xul, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\dialog.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\options.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\options.xul, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\search_dialog.xul, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\5c652b2fb759d42630e323758d09bade.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\0f4ec946678401589c1358a00057e960.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\11ae2f89d1e798f0ad12f10aa23a83b4.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\1b31e042d1b67fbe7dd2785ec0492a5d.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\1d2d43146833620402f964cc92f446ac.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\203ee0094b8845a290245fde57b8a8a6.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\30210a5ee4c5b3cfba0a0bbfd4cc9250.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\3803d71ec00b69996cb4351cd9cd2468.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\3cba06b41eebf31fb9c07429c2922ed0.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\630cd281e0b1ae42c0fc96b0a9a27c1f.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\81bb9b625359da0c3ff5ed2df2ebd984.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\820c7bf46bf85fbf16d455d70532c786.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\9eefbcd3b6b94b98ca40e653f2c874ab.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\a55b181375c5883e33be428980e7fef2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\b999a96fd1cf0de5e049cd3eb6ec1b2d.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\api\c7344916630eae9306f244fa72307ba2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\b19815695e6013719c9a610c6808a7a3.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\1140172464a3bebc130b417b5b5c6a98.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\1b4f2ee894b878a29d9aeb6105970b06.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\25eb3f7a6c5b8ee2a004fc74c06e087d.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\368340c3e4ac2a81ac1bfcf20604fbe2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\41ea5accb04136001355aca7b70124f4.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\466c01f26fcc8853fb81b6721bba4d13.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\5e1711297f2ded34181e20f9f8837c1c.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\6273034e0a8bff85e9b3feef73f54da5.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8ba71a8e45ae21e6ebbab0d6c5b0e667.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\8ec0828108316860e394217a63214e84.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\95d5828b0ec4ba26d7295abab22a9808.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\9d76436f5894498ea89bd907f06080c0.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\abdb8f7d474197e963eae3d844bb0bd8.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\bc7baebcb212348e4772b69133267875.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\ce1ae12f655e919ec6909b973229b7fc.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\de83dbbe45aeaf376519c64a7d21f3b9.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\e8463f2cdc5713fe1cb7a497bd234d99.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\f5829dc70d9a8f871d631698af86df4b.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\f84f2be286912063258b7b3bfe568ba2.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\chrome\content\core\installer.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\defaults\preferences\prefs.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\manifest.xml, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins.json, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\102.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\13.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\14.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\16.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\17.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\180.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\184.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\192.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\193.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\195.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\200.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\220.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\221.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\223.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\226.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\230.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\233.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\242.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\246.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\253.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\262.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\263.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\273.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\281.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\288.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\301.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\337.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\345.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\350.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\354.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\373.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\4.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\47.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\64.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\7.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\78.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\9.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\background.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\userCode\extension.js, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\locale\en-US\translations.dtd, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button1.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button2.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button3.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button4.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\button5.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\crossrider_statusbar.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon128.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon16.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon24.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\icon48.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\panelarrow-up.png, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\popup.html, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\skin.css, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.CrossRider.A, C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\skin\update.css, In Quarantäne, [e68657c5f69476c0d780a3db41c251af], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\ApiHandlr.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\FiddlerCore.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\InternetEnhancer.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\InternetEnhancerService.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\makecert.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\Newtonsoft.Json.dll, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 
PUP.Optional.Wajam.A, C:\Program Files\WaIntEnhance\WaIntEnhance Internet Enhancer\wie, In Quarantäne, [fc701b011f6b9f971ec4ff871de617e9], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
FRST.txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Emily (administrator) on EMILY-PC on 09-02-2015 18:58:25
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
() C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-09] (Microsoft Corporation)
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}\setup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07]
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech                  )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X]
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S0 rjaty; System32\drivers\imofugc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\Users\Emily\Desktop\mbam.txt
2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\mbam.txt
2015-02-09 18:19 - 2015-02-09 18:19 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-09 18:19 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-09 18:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-08 20:58 - 2015-02-08 20:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Emily\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 20:43 - 2015-02-08 20:43 - 00051874 _____ () C:\Users\Emily\Desktop\AdwCleaner[S0].txt
2015-02-08 20:16 - 2015-02-08 20:19 - 00000000 ____D () C:\AdwCleaner
2015-02-08 20:15 - 2015-02-08 20:15 - 02112512 _____ () C:\Users\Emily\Desktop\AdwCleaner_4.110.exe
2015-02-08 20:05 - 2015-02-08 20:05 - 00001230 _____ () C:\Users\Emily\Desktop\Revo Uninstaller.lnk
2015-02-08 12:37 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-08 12:36 - 2015-02-08 12:39 - 00039945 _____ () C:\Users\Emily\Desktop\FRST.txt
2015-02-08 12:33 - 2015-02-09 18:31 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}
2015-02-08 12:33 - 2015-02-09 18:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38
2015-02-08 12:32 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5
2015-02-07 19:09 - 2015-02-07 19:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Emily\Desktop\tdsskiller.exe
2015-02-07 17:29 - 2015-02-09 18:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 17:29 - 2015-02-09 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 17:29 - 2015-02-08 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-07 17:27 - 2015-02-07 19:47 - 00000000 ____D () C:\Users\Emily\Desktop\mbar
2015-02-07 17:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 17:24 - 2015-02-07 17:24 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Emily\Desktop\mbar-1.08.3.1004.exe
2015-02-07 12:21 - 2015-02-07 12:21 - 00158779 _____ () C:\Users\Emily\Desktop\Combofix.txt
2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt
2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp
2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox
2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt
2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe
2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys
2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP
2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp
2015-02-06 22:48 - 2015-02-06 22:48 - 00003003 _____ () C:\Users\Emily\Desktop\gmer.txt
2015-02-06 22:34 - 2015-02-06 22:34 - 00043603 _____ () C:\Users\Emily\Desktop\Addition.txt
2015-02-06 22:33 - 2015-02-09 18:58 - 00000000 ____D () C:\FRST
2015-02-06 22:32 - 2015-02-08 20:19 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme
2015-02-06 22:30 - 2015-02-06 22:30 - 00000472 _____ () C:\Users\Emily\Desktop\defogger_disable.log
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable
2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8
2015-02-06 19:58 - 2015-02-09 18:58 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme
2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:52 - 2015-02-06 19:52 - 00009736 ____N () C:\bootsqm.dat
2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000
2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}
2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:40 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 18:40 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 18:37 - 2011-04-28 20:27 - 01929830 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 18:35 - 2013-11-15 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-09 18:34 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype
2015-02-09 18:34 - 2011-05-20 12:37 - 00120360 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 18:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 18:32 - 2009-07-14 05:39 - 00089034 _____ () C:\Windows\setupact.log
2015-02-09 18:32 - 2009-07-14 05:33 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 18:31 - 2010-07-07 19:31 - 00123406 _____ () C:\Windows\PFRO.log
2015-02-09 18:22 - 2013-10-07 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:58 - 2011-05-20 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-09 17:41 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 20:26 - 2013-10-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-08 20:26 - 2013-10-07 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-08 20:19 - 2013-05-05 14:39 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 20:02 - 2013-09-28 16:08 - 00000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-02-08 12:32 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie
2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed
2015-02-07 12:07 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox
2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak
2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0
2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft
2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie
2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills
2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend
2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media
2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache
2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios
2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack
2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily
2015-02-06 22:00 - 2014-05-02 15:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp

==================== Files in the root of some directories =======

2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png
2013-09-28 16:08 - 2015-02-08 20:02 - 0000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT
2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

Some content of TEMP:
====================
C:\Users\Emily\AppData\Local\temp\optprosetup.exe
C:\Users\Emily\AppData\Local\temp\Quarantine.exe
C:\Users\Emily\AppData\Local\temp\setup.exe
C:\Users\Emily\AppData\Local\temp\sqlite3.dll
C:\Users\Emily\AppData\Local\temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 06:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---
(auf der 2. Seite gehts weiter!)

Geändert von Nailimixam (09.02.2015 um 20:20 Uhr)

Alt 09.02.2015, 20:17   #11
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



und Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Emily at 2015-02-09 18:59:04
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Angry Birds Rio (HKLM\...\{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}) (Version: 1.4.2 - Rovio)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
Disney Rapunzel (HKLM\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios)
EG21 Vokabelkartei interaktiv 1 (HKLM\...\{A036DB99-B62F-4110-8D87-9DF0D6DC4022}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
EG21 Vokabelkartei interaktiv 2 (HKLM\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Euro Truck Simulator 2 (HKLM\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.2 - SCS Software)
Fessie 1.01 (HKLM\...\Fessie) (Version: 1.01 - Connecta AG)
Globy (HKLM\...\Globy) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HyperBalloidCE (HKLM\...\HyperBalloidCE) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
Lernspaß 4 (HKLM\...\{F932A61A-4FAD-4390-8163-AB50F5FDE61B}) (Version: 1.00.0000 - Terzio Verlag)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Monster Training Einmaleins (HKLM\...\{5F87EF36-A373-11D5-AA2E-0008C760B784}) (Version:  - )
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mysteryville 2 (HKLM\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
Ottifanten Ostfriesen Lemminge in Not (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\Ottifanten Ostfriesen Lemminge in Not) (Version: V1.000000 - )
Pearl Poppers (HKLM\...\Pearl Poppers) (Version:  - )
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Great Mahjongg (HKLM\...\The Great Mahjongg) (Version:  - )
TV Jukebox 3.0 (HKLM\...\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}) (Version: 3.00.000 - Meta Media Inc)
Versteckt - Entdeckt! Fantasy (HKLM\...\{FD2A02A5-C285-11DC-AA69-00E07DDCAF19}) (Version: 1.00.0000 - Terzio Verlag)
Virtual DJ Toolbar (HKLM\...\{56444A00-6A76-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4331 - APN, LLC)
VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Vokabelkartei interaktiv À plus! 1 (HKLM\...\{C7BD31A9-B17E-4125-8AE6-217C1FF8BE10}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

09-02-2015 17:52:41 Windows 7 Service Pack 1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-02-07 11:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {091F344D-E5A6-40D2-B9C6-98AD2E6CDC50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001UA => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {13807DC3-5338-4132-84C1-05A3EB4BE663} - System32\Tasks\{E0FF7EA4-B9D4-41E6-AD9E-7E276684870D} => Firefox.exe 
Task: {31F7DA48-CCA9-463C-90DC-C85A98190360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {35B0D312-4D59-4C8C-976E-7C0D5D88EBD0} - System32\Tasks\{1FD47CF6-8F71-479D-99D6-0872FB2552A0} => Firefox.exe 
Task: {48953138-6F84-4657-937E-E7C0BA169CC1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {496AC240-80AF-447B-BCD7-E913C55B1BA5} - System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => pcalua.exe -a C:\Users\Emily\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {733E8250-2532-4C70-A3DF-36E8FC0F1605} - System32\Tasks\{7A1D3718-8647-4D69-A2DC-E4EE9D091E84} => pcalua.exe -a C:\Windows\unin0407.exe -c -f"C:\Program Files\LEGO Media\Games\LEGO Schach\DeIsL1.isu"
Task: {B9410FCF-FACF-4ECF-AF3B-F3D70AA17553} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {C608BD0D-3ABC-4E57-8A2B-65D8E95EF791} - System32\Tasks\{1FAF4A1B-0C2D-4ABB-812E-78E6585C27EC} => Firefox.exe 
Task: {D5F6E2C0-B410-40F2-A544-0698068D997D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2221341230-3600195835-1468495209-1001Core => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION
Task: {FAC5AEDC-E380-4246-8289-273225370801} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-28 20:41 - 2006-12-26 17:08 - 00053248 _____ () C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
2013-11-15 20:10 - 2013-11-15 20:10 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-08-09 13:36 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-16 18:30 - 2014-07-16 18:31 - 03839088 _____ () C:\Program Files\mozilla firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2221341230-3600195835-1468495209-500 - Administrator - Disabled)
Emily (S-1-5-21-2221341230-3600195835-1468495209-1001 - Administrator - Enabled) => C:\Users\Emily
Gast (S-1-5-21-2221341230-3600195835-1468495209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2221341230-3600195835-1468495209-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2221341230-3600195835-1468495209-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73852964

Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 73852964

Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012

Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 08:19:15 PM) (Source: scores) (EventID: 0) (User: )
Description: Service failed on stop: 301: Interrupted.


System errors:
=============
Error: (02/09/2015 06:32:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
rjaty

Error: (02/09/2015 05:56:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007371b fehlgeschlagen: Windows 7 Service Pack 1 (KB976932)

Error: (02/08/2015 08:21:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
rjaty

Error: (02/08/2015 08:21:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X10 Device Network Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2015 08:21:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst X10 Device Network Service erreicht.

Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Optimizer Pro Crash Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73852964

Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 73852964

Error: (02/09/2015 05:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012

Error: (02/08/2015 09:07:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (02/08/2015 09:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 08:19:15 PM) (Source: scores) (EventID: 0) (User: )
Description: Service failed on stop: 301: Interrupted.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3253.42 MB
Available physical RAM: 1803.73 MB
Total Pagefile: 6505.12 MB
Available Pagefile: 4686.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.27 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:522.66 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:9.61 GB) NTFS
Drive e: (22 Jul 2014) (CDROM) (Total:4.38 GB) (Free:2.51 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

Alt 10.02.2015, 19:31   #12
sunjojo
/// Malwareteam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Ok, das sieht doch jetzt schon wieder fast gut aus . Du müsstest deutlich weniger Werbung angezeigt bekommen, wenn du deine Browser öffnest.


Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
S2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] ()
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07]
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S0 rjaty; System32\drivers\imofugc.sys [X]
2015-02-08 12:33 - 2015-02-09 18:31 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}
2015-02-08 12:33 - 2015-02-09 18:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38
2015-02-08 12:32 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5
2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie
2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed
Task: {496AC240-80AF-447B-BCD7-E913C55B1BA5} - System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => pcalua.exe -a C:\Users\Emily\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Hast du jetzt noch irgendwelche Probleme zu beklagen (z.B. Werbung in Browsern, Firewall startet nicht, ...)?


Poste folgende Logfiles in deiner nächsten Antwort:
  • fixlog.txt
  • log.txt
  • FRST.txt
__________________
Gruß,

Jonas

Alt 11.02.2015, 17:47   #13
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hey Jonas,
Nein es gibt zurzeit keinerlei Probleme mehr ! Danke vielmals dafür

Hier die logs:
fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 01
Ran by Emily at 2015-02-11 16:13:38 Run:1
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 8df1bcd0; c:\Program Files\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-08] ()
Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Extension: Re-markit - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 [2013-11-15]
FF Extension: Plus-HD-1.3c - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com [2015-02-07]
S1 cbbjpzjo; \??\C:\Windows\system32\drivers\cbbjpzjo.sys [X]
S0 rjaty; System32\drivers\imofugc.sys [X]
2015-02-08 12:33 - 2015-02-09 18:31 - 00000000 ____D () C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4}
2015-02-08 12:33 - 2015-02-09 18:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.38
2015-02-08 12:32 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Public\E3B468852C874837A8B554A1FA9071D5
2015-02-07 17:41 - 2014-08-19 19:21 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Qaoxxie
2015-02-07 17:41 - 2014-08-19 19:15 - 00000000 ____D () C:\ProgramData\AqjiJzed
Task: {496AC240-80AF-447B-BCD7-E913C55B1BA5} - System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => pcalua.exe -a C:\Users\Emily\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {F5BA07E2-72EE-4258-8F67-2171E541A678} - System32\Tasks\Security Center Update - 2034009945 => C:\Users\Emily\AppData\Roaming\Qaoxxie\hahuot.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720

*****************

8df1bcd0 => Service deleted successfully.
C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. 
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\135 => Moved successfully.
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com => Moved successfully.
cbbjpzjo => Service deleted successfully.
rjaty => Service deleted successfully.
C:\ProgramData\{77cf8ef5-0d0e-c1c0-77cf-f8ef50d03bd4} => Moved successfully.
C:\Program Files\Optimizer Pro 3.38 => Moved successfully.
C:\Users\Public\E3B468852C874837A8B554A1FA9071D5 => Moved successfully.
C:\Users\Emily\AppData\Roaming\Qaoxxie => Moved successfully.
C:\ProgramData\AqjiJzed => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{496AC240-80AF-447B-BCD7-E913C55B1BA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{496AC240-80AF-447B-BCD7-E913C55B1BA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BFBC5E6D-AB99-48FB-A633-4AFBF761FA4D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5BA07E2-72EE-4258-8F67-2171E541A678}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5BA07E2-72EE-4258-8F67-2171E541A678}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2034009945 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2034009945" => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.


The system needed a reboot. 

==== End of Fixlog 16:13:39 ====
         
log.txt:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b536ee049e85c345970e34fecae58421
# engine=22422
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 04:41:33
# local_time=2015-02-11 05:41:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8709 175304084 0 0
# scanned=153984
# found=220
# cleaned=0
# scan_time=3243
sh=1D35C5005E8B2CBE463BE8840D8B519BCBDAEE3D ft=1 fh=57608bffe13529a4 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2221341230-3600195835-1468495209-1001\$R6WE68G\_Setupx.dll"
sh=AA8FF80CB504D6C7CD680D0F098A3896E680A8E9 ft=1 fh=4fc511e7f3924f0b vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir"
sh=AA8FF80CB504D6C7CD680D0F098A3896E680A8E9 ft=1 fh=4fc511e7f3924f0b vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir"
sh=D5639EC96BB23E91CCC655C4E765797930866676 ft=1 fh=611e9e9c9165914e vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir"
sh=AA8FF80CB504D6C7CD680D0F098A3896E680A8E9 ft=1 fh=4fc511e7f3924f0b vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir"
sh=609D8E76D3CC9811543AE9FF60C99FA238755DEB ft=1 fh=ae6efe48edf4869d vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir"
sh=FEC645D6BF74FD011FA9EE2075478E9E059B3EEF ft=1 fh=258f8231b82cc0cb vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir"
sh=E59C40DBDFFBFC64CB01080F85ADB47515919AAD ft=1 fh=25b1bb1ca23e3ee4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"
sh=61999ADB14A580A2D965FB8E6AA0AC31B61CF3C1 ft=1 fh=54b10837e69fea4a vn="Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir"
sh=7589639BBD0B6B0B2A054F7DFDBA593FD29024C8 ft=1 fh=695860d343b88911 vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir"
sh=9C2787DC9E576D2E41708DE8C1BEB33DEB15D61E ft=1 fh=c7caabdcdebc939d vn="Variante von Win32/Toolbar.CrossRider.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\4503c635-3e57-4083-ab3f-d96f93597eb9.exe.vir"
sh=8D57ED223372029604A58E28A836C2C8C2E9704A ft=1 fh=7d230d90e957aef6 vn="Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-11.exe.vir"
sh=FD00BCA35C8591EF1E845A20D483DED135151FDF ft=1 fh=b7c4b1882a9d9679 vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-2.exe.vir"
sh=8D57ED223372029604A58E28A836C2C8C2E9704A ft=1 fh=7d230d90e957aef6 vn="Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-3.exe.vir"
sh=04D4C54F52BC74CCF1A4E83F85B14286243BD504 ft=1 fh=80ca5f910089e023 vn="Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-4.exe.vir"
sh=6434B75488BF75D37A371694C2F858776CA362C7 ft=1 fh=152a1c9c1a78823e vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da-5.exe.vir"
sh=6B4362E535A0BCF1E4C81A297E07DF557480BF74 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da.crx.vir"
sh=AC216A957B0E8F56D00ED4818EAF98B3F061A662 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da.xpi.vir"
sh=259F6A6A0A48FA2D7A3BA87BD79C9B7D2AD01B13 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\6b1b9178-2152-4f31-89ec-d1c64de256da_.xpi.vir"
sh=3FD221495EC5445B4CD23E81CB5AAB5236F5AD4F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\7ca3042b-9ed4-4eb1-a697-0a7d537e6c18.crx.vir"
sh=6B4362E535A0BCF1E4C81A297E07DF557480BF74 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\b016e406-0d37-4013-a459-fa5f39829182.crx.vir"
sh=4522FF99A4C4C9DFA2052C2E29E63E5D58C219FA ft=1 fh=43f36c18abce6610 vn="Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\Browsers Apps-bg.exe.vir"
sh=1CDF8704E1FA09D6E112F1EB3AC9270AC2998D5D ft=1 fh=1a54a32b92a89dcf vn="Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\Browsers Apps-bho.dll.vir"
sh=42BC4467BA787D6FF595AC8AAEC40498DE9A1155 ft=1 fh=841443a6fd0099b3 vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\Browsers Apps-codedownloader.exe.vir"
sh=7F2A3D482E96FA628D93730AFAF277C15D2F1F7F ft=1 fh=670e1a428a992442 vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\Uninstall.exe.vir"
sh=0B9C2E4B33F8B9D1B6F24E59751338A421AC4426 ft=1 fh=e08f2cd1b954de4b vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Browsers Apps\utils.exe.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\uninstall.exe.vir"
sh=741518CA17409E0C108EA202464829E6C664ED1E ft=1 fh=52477f93f91d8732 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=0144DAD6530EDBF83280FF7B7ACE933567C6AF13 ft=1 fh=1852f3471a1c93e3 vn="Win32/AdWare.Yontoo.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\Y2Desktop.Updater.exe.vir"
sh=35F99C843B7AE9A4EA9039D0EB2C604012C1C610 ft=1 fh=c71c0011107b1fae vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\cosstminn\FQ7ipqPJviI.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=4EDACB162E79B13F82774B4D1951DDAD8C518115 ft=1 fh=eba317b2b14505a9 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=EEA5DA42D4BBD9D95EC87F167D7B8CA37C34380C ft=1 fh=c71c001150440d8f vn="Variante von Win32/AdWare.MultiPlug.AG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\RegULArDeeaals\2Ki.exe.vir"
sh=08F655DCDE8449EF57A3FA5CC2FA9B2535633869 ft=1 fh=82f7a571cc924085 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Systweak\Advanced System Protector\updates\aspsetup_update.exe.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=1CBE4131517EA02318B4E507FFBF2DC13C9C1640 ft=1 fh=c39ecf1f8dcb1733 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=B2555C0BADDF0837A51D44D34CB8D78B2B22B91D ft=1 fh=8aacdf23ffe8d7a9 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=22A3F74C8FA3BAF363B26F1CED92FA6E048F4A9E ft=1 fh=210043307b82281e vn="Variante von Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=5918876B66D0E8BD574EA9B07E3E774B4D3D919F ft=1 fh=1bef8d0f35b0bd2e vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=77918B0878255FC1383E41084977C8CF7CD463D9 ft=1 fh=c71c00119ea191b0 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=4B438C9B64DD27C64140EC83EA5020B761BA94B3 ft=1 fh=c35f7b16075203da vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emily\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emily\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=84FE61ACEE90134C6BFBD3CECF1FB07BC22C997C ft=1 fh=dc261decc3a37fad vn="Variante von Win32/DealPly.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emily\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir"
sh=0903A766E581AACA95D4CD6AA88BBCD97D419B2D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\firefoxmini@go.im.xpi.vir"
sh=77603C73753651529C22CF2ECB5B977FCD4D7E35 ft=1 fh=b873605b24f73a7b vn="Variante von MSIL/WebCake.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emily\AppData\Roaming\Yontoo\YontooDesktop.exe.vir"
sh=7B439FB6CD9AE4A46F402F0A44DB0B22F3479CE6 ft=1 fh=739fca2ab5e7f1a8 vn="Variante von Win32/BrowseFox.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emily\AppData\Roaming\Yontoo\dat\DIBS.dat.vir"
sh=12883B42F1321524DFC99A0C433A2306154469CE ft=1 fh=6c051e8af692ba0f vn="Variante von Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\score.exe.vir"
sh=615447E6F302CC41089D7C1EA09F4F007330C8A3 ft=1 fh=42c5de6a5b8e8081 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=5CC86FE93E7A871C52C8F9CE44AE0F5D01D5B6D9 ft=1 fh=91f916f1ca21642a vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Optimizer Pro 3.38\OptimizerPro.exe"
sh=9D8D0015189F1FB80B7C20518A941011736A1C64 ft=1 fh=f20030823d0ba1bd vn="Variante von Win32/OptimizerPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Optimizer Pro 3.38\OptProHelper.dll"
sh=1AA97E63ABBB08E9E3E06C3FED249D8FD7B4CFB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\UNGEDRJW444405@LS70886362.com\extensionData\plugins\91.js"
sh=69965658CBE50E2BDADB72755BB94332A4D5F971 ft=1 fh=b5c5c236bb0c961e vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\AddonNP.exe.vir"
sh=43A123C825F2DB7104D75DA73B6B71C0A2B320DA ft=1 fh=36bf59f3c65f5b85 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\NewVideoPlayer.exe.vir"
sh=8F6E476776CD4FA44D506E22250FA6E5CC3082E3 ft=1 fh=079aa239846523ec vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\NewVideoPlayerUpdater.exe.vir"
sh=E519ED8E680E82B608957A593691208AF95AFC36 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\AddOn\ChromeAddon\manifest.json.vir"
sh=13D795C2E726FEC7BE8B15EADDEA20B893C45464 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\AddOn\ChromeAddon\script.js.vir"
sh=DBAE067FA9F72487D9331D77AFE14E3C6D77AE6F ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir"
sh=13D795C2E726FEC7BE8B15EADDEA20B893C45464 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir"
sh=08120C49FFCC10FFF09C4965E1CCC99F08EC06E3 ft=1 fh=c4065e695ff8e78d vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\NewPlayer\references\NewPlayerChecker.exe.vir"
sh=599A62BB9002AAD8D9D86A13A271D2A392560620 ft=1 fh=c71c0011cd782379 vn="Variante von Win32/AdWare.PricePeep.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\PricePeep\prICepeep.dll.vir"
sh=B018ADBCA951AC0EB0757AFFD7EAB8FC0228CA91 ft=1 fh=fda9a5748d3eb594 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir"
sh=35B91359601850759FE50DCE27B038418D33E80E ft=1 fh=a4817a2a71291fe2 vn="Win32/Toolbar.SearchSuite.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll.vir"
sh=59E30A83FC710528D0A8A5EEF8CFEFFEFFE17881 ft=1 fh=98c3f5977377438a vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\datamngr.dll.vir"
sh=AD24D72F8876F45CB18DEF319804D546C92E904B ft=1 fh=ab949da295df187e vn="Variante von Win32/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe.vir"
sh=B9EA675D8106F830BAF07501A498BCB94DB97A75 ft=1 fh=5e7e7dc0a08ecdd0 vn="Variante von Win32/Toolbar.SearchSuite.R evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll.vir"
sh=155EFD07D8D9E403412371E6057D4AC4F95D9C98 ft=1 fh=49a75721ee6af88a vn="Variante von Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll.vir"
sh=327B4D7CE381BB22132DEEEE770830A5CD855B04 ft=1 fh=c71c0011acd358ec vn="Variante von Win32/Toolbar.SearchSuite.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\installhelper.dll.vir"
sh=785BAA44888EA404E503E828E8A963CF107E450D ft=1 fh=c71c0011aedbd345 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll.vir"
sh=35B966343014852B925997600B1400F656AC2BC0 ft=1 fh=c71c001125a516b4 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll.vir"
sh=D85044E04626EE9ABB7CBE23EB21462118B9532C ft=1 fh=c71c0011f9f90ab1 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll.vir"
sh=AE5E307560B0AA3903C934D565EB8265A164693F ft=1 fh=c71c00110a465468 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll.vir"
sh=96C1C8A9E53D94CACA348AD548F2ED3DB4ECB596 ft=1 fh=c71c00117e2a3620 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll.vir"
sh=8B12CBBA703C8BD13656F760B39E2334298AA75A ft=1 fh=c71c00116ecb61ab vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll.vir"
sh=0A080A481AA4638269BEC117BC0DF55DE989AFBD ft=1 fh=c71c0011273ceb73 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF16.dll.vir"
sh=9683ABB8D38F5EA1738D595BCF871966C231A204 ft=1 fh=c71c0011dfa83c27 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF17.dll.vir"
sh=8910FC4F7320E6B689ECEC5BDCFD20B2D8C22BA6 ft=1 fh=c71c0011cd123c27 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF18.dll.vir"
sh=56A2213459FE27FAD705242321C47257CDDDF12D ft=1 fh=c71c00116a6f70f9 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll.vir"
sh=294BCF6E5DA692300C76DB67476B925AF3A7A5DC ft=1 fh=c71c001137b4187c vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll.vir"
sh=D5D390992E9A9DFA36F1314D30D3E44A01949745 ft=1 fh=c71c0011febf293c vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll.vir"
sh=E2B05D8BF5DDDB4324C4DFB9B3C1A74241D66BD7 ft=1 fh=c71c001104691cfa vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll.vir"
sh=30D40E57570F161FA7A193E822EEFB9481010C6B ft=1 fh=c71c0011926aa342 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll.vir"
sh=1CCE7EB841FA770FD4CAF733DB9CDF7FDA6449DD ft=1 fh=c71c0011dfd7aceb vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll.vir"
sh=8151222086D8598B10D9E150897897BB2FC6C17C ft=1 fh=c71c0011d919f634 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll.vir"
sh=BFDC3839ACE19D582651CBDBCA401D85ACB87CEE ft=1 fh=c71c0011ea55d4ef vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe.vir"
sh=E02E52D8D6D4809A43A0747AD2D43EA571EFAF81 ft=1 fh=28dc55d634c41655 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll.vir"
sh=AEE777C33B56057601631AB4644C0978BCA2A1C8 ft=1 fh=42e798c3bb668ec2 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultstb.dll.vir"
sh=064680D54E8FBA2D06E2A5E35060BB16B3636C3B ft=1 fh=4ae2a46f410a297c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=E6BF88B3390FEA12DB1F6F150800B531FEDADB01 ft=1 fh=4a10605500753c35 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=40B63087012BF7DA70AE82BD473BCCFDD93BF8F5 ft=1 fh=027554fe6efee6bd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=584265F2BA0B47696184876335BAF6E175C81BEF ft=1 fh=2f2b206b1a22bc74 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=2D9A7EAF0637343E63C8622AA99C16E817A0F204 ft=1 fh=79672f4490f328fb vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=6CDD189837D5C70B6F11EC1467DFC06B5B1DAB56 ft=1 fh=8d9f8b9dd40f9b55 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=295FC6612C9C97760937DF651A963A44C99CD0C0 ft=1 fh=aaec07ed4cd90b5d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=1281BC2E05EBA5C4AEA26227C68ABBBF6ED9A2BC ft=1 fh=78661b0bb1b930fe vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=2510D5FD078002C413DAA2B68FEBA3E9AC8BDE80 ft=1 fh=b3c45eb818ca1528 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=E18E67AF494118B8B73EC4EC2269E89AA9C18237 ft=1 fh=d7d3a79201d8389a vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=519D351E7D451CF8965426034C27558B024323A9 ft=1 fh=ee3584189238a1b3 vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Speed Analysis 2\ScRIpthost.dll.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SupTab\SuPTab.dll.vir"
sh=DF42B242EADAD093ACC54961BB0C38670EAD848F ft=1 fh=a6df0048ea629c0a vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Zula Games\ScRIpthost.dll.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=181AC2B9057F4DDC5D1A2E7CD5EFEAC269C15F1C ft=1 fh=9e0b256bf3bd13ec vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\nst139B.tmp.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\102_dealply_m.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=1AA56806D2545B3773D7C5CCEAE82353BDBB575F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\105_corticas_m.js.vir"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\108_icm_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\120_luck_m.js.vir"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=E2AAC0A6807AABEFDD15388FE0DF40EDD826084E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\175_coolmirage_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=89A2473F8804B70DE1D0953DFDD5D3F4D970FB7C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=631D51C0D12FBED68BBF95F6E6505F2CE3692BAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\102_dealply_m.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=1AA56806D2545B3773D7C5CCEAE82353BDBB575F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\105_corticas_m.js.vir"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\108_icm_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\120_luck_m.js.vir"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=E2AAC0A6807AABEFDD15388FE0DF40EDD826084E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\175_coolmirage_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=89A2473F8804B70DE1D0953DFDD5D3F4D970FB7C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=631D51C0D12FBED68BBF95F6E6505F2CE3692BAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\105_corticas_m.js.vir"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\108_icm_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\120_luck_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=E2AAC0A6807AABEFDD15388FE0DF40EDD826084E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=B78A18D3D82E3FB5057E12E1DB7FAD86C538E687 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=0541B9683E2C0FE8FA316A14FBFE39F8B6B25340 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=34C172F21F03BA75D0ECA4AB4687596BBE5963ED ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js.vir"
sh=0E9341513B2301CFF2630A188567E0CDFEDE6DE2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ii.obkb@m-dlr.com\content\bg.js.vir"
sh=745D9E2C15B9F297D137FE3B8C604B285303669A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\extensions\ioiqoj7-eb@ffreoeyeuuvhp-.com\content\bg.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=C0D3F36522FE4821B06D93F242E24F871643E4BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fbfjohmndljgjipdpobaahcdinhjoclh\2.0\O6wjqEsJ.js.vir"
sh=AA36B059945D6670093606079029A1D95535A8D2 ft=1 fh=1ff55921747a3893 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFYR4D6X\Setup[1].exe"
sh=D87AFBC2EE869E294517FDA1D5B0756B1466B0DF ft=1 fh=5066bc0bb3c35ed5 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\23IX2TXH\setup[1].exe"
sh=2B2E9BF5CEEC740AF537FAC859DAE71334295C53 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHL Trojaner" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LCV346O\8twy0q1cod[1].htm"
sh=DC0F743421D79250BC0A46E0407FD9EACFC7CCFD ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NFT Trojaner" ac=I fn="C:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9S8336K0\wmeuqn6lm8[1].htm"
sh=AA36B059945D6670093606079029A1D95535A8D2 ft=1 fh=1ff55921747a3893 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\temp\nsv8CDD.tmp"
sh=E5D7080471FFE7DB9DC0600FA01FC4AAB5C2B290 ft=1 fh=5f007986cda230ad vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\AppData\Local\temp\optprosetup.exe"
sh=4847D7866FD98E323B9D3F313E3C63BDEFB58708 ft=1 fh=3f72015d81b1b6a0 vn="Variante von Win32/SoftPulse.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Emily\Downloads\Player.exe"
sh=6BC17F637711C4EBF329BBD8FBA845C373A1C299 ft=1 fh=d95d4f54d0a56649 vn="Win32/Wajam.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63RKJ3WJ\wajam_update[1].066"
sh=D9BC4A8300516B14ED7E084CFEDA4D9625C7726E ft=1 fh=f77004a6a7cc6f37 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71C9F72W\update-util[1].exe"
sh=329A982A1B2E7D8BD3AEB7FECC339640F08032F4 ft=1 fh=a14a1a98964039e4 vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71C9F72W\WIE_2.23.2.8[1]"
sh=D9BC4A8300516B14ED7E084CFEDA4D9625C7726E ft=1 fh=f77004a6a7cc6f37 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFOIG2L2\update-util[1].exe"
         
FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 01
Ran by Emily (administrator) on EMILY-PC on 11-02-2015 17:43:36
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
() C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-09] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech                  )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:19 - 2015-02-11 16:19 - 00000000 ____D () C:\Program Files\ESET
2015-02-11 16:18 - 2015-02-11 16:19 - 02347384 _____ (ESET) C:\Users\Emily\Downloads\esetsmartinstaller_deu.exe
2015-02-09 20:22 - 2015-02-09 20:22 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\mbam.txt
2015-02-09 18:19 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-09 18:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 20:43 - 2015-02-08 20:43 - 00051874 _____ () C:\Users\Emily\Desktop\AdwCleaner[S0].txt
2015-02-08 20:16 - 2015-02-08 20:19 - 00000000 ____D () C:\AdwCleaner
2015-02-08 12:37 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 17:29 - 2015-02-11 16:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 17:29 - 2015-02-09 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 17:29 - 2015-02-08 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-07 17:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt
2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp
2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox
2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt
2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe
2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys
2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP
2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp
2015-02-06 22:33 - 2015-02-11 17:43 - 00000000 ____D () C:\FRST
2015-02-06 22:32 - 2015-02-08 20:19 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable
2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8
2015-02-06 19:58 - 2015-02-11 17:43 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme
2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000
2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}
2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 17:28 - 2011-04-28 20:27 - 01642680 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 17:22 - 2013-10-07 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 16:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 16:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 16:16 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype
2015-02-11 16:14 - 2014-05-02 15:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-11 16:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 16:14 - 2009-07-14 05:39 - 00089146 _____ () C:\Windows\setupact.log
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-11 15:52 - 2010-07-07 19:31 - 00123760 _____ () C:\Windows\PFRO.log
2015-02-09 19:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-09 18:35 - 2013-11-15 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-09 18:34 - 2011-05-20 12:37 - 00120360 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 18:32 - 2009-07-14 05:33 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 17:58 - 2011-05-20 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-09 17:41 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 20:26 - 2013-10-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-08 20:26 - 2013-10-07 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-08 20:19 - 2013-05-05 14:39 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 20:02 - 2013-09-28 16:08 - 00000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-07 12:07 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox
2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak
2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0
2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft
2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie
2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills
2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend
2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media
2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache
2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios
2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack
2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily
2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp

==================== Files in the root of some directories =======

2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png
2013-09-28 16:08 - 2015-02-08 20:02 - 0000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT
2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

Some content of TEMP:
====================
C:\Users\Emily\AppData\Local\temp\optprosetup.exe
C:\Users\Emily\AppData\Local\temp\Quarantine.exe
C:\Users\Emily\AppData\Local\temp\setup.exe
C:\Users\Emily\AppData\Local\temp\sqlite3.dll
C:\Users\Emily\AppData\Local\temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-09 19:30

==================== End Of Log ============================
         
--- --- ---


LG Nailimixam

Alt 11.02.2015, 19:02   #14
sunjojo
/// Malwareteam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Ok, das sieht jetzt schon fast wieder schön aus. Jedoch hast du total veraltete Programme, welche in hohes Sicherheitsrisiko darstellen. Daher werden wir jetzt noch dein System wieder auf den aktuellen Stand bringen .


Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Emily\Downloads\Player.exe
EmptyTemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2
Installiere das Service Pack 1 für Windows 7 anhand folgender Anleitung: Installieren von Windows 7 Service Pack 1 (SP1). Lies dir die Anweisungen unter Vorbereitungen durch und befolge die Schritte unter Installieren von SP1 über Windows Update (empfohlen).

Schritt 3
Lade dir bitte den Internet Explorer 11 herunter und installiere diesen. Auch wenn du den Internet Explorer nicht primär verwenden solltest, ist es trotzdem wichtig, diesen aktuell zu halten.

Schritt 4
Nachdem du jetzt deine Systemkomponenten wieder up-to-date haben, updaten wir noch weitere Programme, bzw. deinstallieren veraltete Versionen:
Deinstallieren veralteter Software
  • Java(TM) 6 Update 21
Gehe dafür auf:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Java Version 8 Update 31
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( 8 Update 31 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.

Adobe Reader Version XI (11.0.10)
Firefox 35.0.1
Gehe auf Hilfe -> "Über Firefox" und lasse die neusten Updates suchen.

Schritt 5
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.


Poste folgende Logfiles in deiner nächsten Antwort:
  • FRST.txt
__________________
Gruß,

Jonas

Alt 12.02.2015, 17:36   #15
Nailimixam
 
Win 7: Schwarzbildschirm nach Start des Computers - Standard

Win 7: Schwarzbildschirm nach Start des Computers



Hey Jonas,
eigentlich hat alles geklappt nur konnte ich nicht Windows updaten da jedesmal eine Fehlermeldung am Ende der Instalation erschien.
Dewgen konnte ich auch nicht den Internet Explorer aktualiesieren...
Hier sind die Beiden Files:
Fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02
Ran by Emily at 2015-02-12 16:21:28 Run:2
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Emily\Downloads\Player.exe
EmptyTemp:
*****************

C:\Users\Emily\Downloads\Player.exe => Moved successfully.
EmptyTemp: => Removed 526.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:23:01 ====
         
FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Emily (administrator) on EMILY-PC on 12-02-2015 17:32:11
Running from C:\Users\Emily\Desktop\AntiVirus Programme
Loaded Profiles: UpdatusUser & Emily (Available profiles: UpdatusUser & Emily)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
() C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-04-28] (Apple Computer, Inc.)
HKLM\...\Run: [tvjbmonitor] => C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [53248 2006-12-26] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2221341230-3600195835-1468495209-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2221341230-3600195835-1468495209-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2221341230-3600195835-1468495209-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=052913&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @talk.google.com/O1DPlugin -> C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2221341230-3600195835-1468495209-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emily\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emily\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\o792a2zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech                  )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2010-07-26] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 a2dda; \??\C:\Users\Emily\Desktop\MBRMastr.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Emily\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:29 - 2015-02-12 17:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-12 17:29 - 2015-02-12 17:29 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-12 17:29 - 2015-02-12 17:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-12 17:21 - 2015-02-12 17:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 17:21 - 2015-02-12 17:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-12 17:21 - 2015-02-12 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-12 17:21 - 2015-02-12 17:21 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-12 17:20 - 2015-02-12 17:20 - 00639912 _____ (Oracle Corporation) C:\Users\Emily\Downloads\jxpiinstall.exe
2015-02-12 17:15 - 2015-02-12 17:16 - 37059280 _____ (Microsoft Corporation) C:\Users\Emily\Downloads\IE11-Windows6.1-x86-de-de.exe
2015-02-12 16:46 - 2015-02-12 16:46 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-11 16:19 - 2015-02-11 16:19 - 00000000 ____D () C:\Program Files\ESET
2015-02-11 16:18 - 2015-02-11 16:19 - 02347384 _____ (ESET) C:\Users\Emily\Downloads\esetsmartinstaller_deu.exe
2015-02-09 18:57 - 2015-02-09 18:57 - 00040338 _____ () C:\mbam.txt
2015-02-09 18:19 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-09 18:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 20:16 - 2015-02-08 20:19 - 00000000 ____D () C:\AdwCleaner
2015-02-08 12:37 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 17:29 - 2015-02-12 16:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 17:29 - 2015-02-09 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 17:29 - 2015-02-08 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-07 17:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 12:03 - 2015-02-07 12:03 - 00158779 _____ () C:\ComboFix.txt
2015-02-07 11:58 - 2015-02-07 11:58 - 00141616 _____ () C:\Windows\Minidump\020715-19718-01.dmp
2015-02-07 11:36 - 2015-02-07 12:03 - 00000000 ____D () C:\Qoobox
2015-02-07 11:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-07 11:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-07 11:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-07 11:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-07 11:35 - 2015-02-07 12:03 - 00000000 ____D () C:\Windows\erdnt
2015-02-07 11:35 - 2015-02-07 11:35 - 05611380 ____R (Swearware) C:\Users\Emily\Desktop\ComboFix.exe
2015-02-07 11:34 - 2015-02-07 11:35 - 05611380 _____ (Swearware) C:\Users\Emily\Downloads\ComboFix.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00788728 _____ (Emsisoft GmbH) C:\Users\Emily\Downloads\mbrmastr.exe
2015-02-07 11:33 - 2015-02-07 11:33 - 00017904 _____ (Emsi Software GmbH) C:\Users\Emily\Downloads\MBRMastr.sys
2015-02-06 23:13 - 2015-02-07 11:58 - 300521773 _____ () C:\Windows\MEMORY.DMP
2015-02-06 23:13 - 2015-02-07 11:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 23:13 - 2015-02-06 23:13 - 00141616 _____ () C:\Windows\Minidump\020615-23010-01.dmp
2015-02-06 22:33 - 2015-02-12 17:32 - 00000000 ____D () C:\FRST
2015-02-06 22:32 - 2015-02-08 20:19 - 00000000 ___RD () C:\Users\Emily\Desktop\Emilys Programme
2015-02-06 22:30 - 2015-02-06 22:30 - 00000000 _____ () C:\Users\Emily\defogger_reenable
2015-02-06 21:19 - 2015-02-06 22:58 - 00000000 ____D () C:\689882de6eaabdefc8
2015-02-06 19:58 - 2015-02-12 17:32 - 00000000 ____D () C:\Users\Emily\Desktop\AntiVirus Programme
2015-02-06 19:54 - 2015-02-06 19:54 - 00000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:51 - 2015-02-06 19:51 - 00000000 ____D () C:\found.000
2015-02-06 19:46 - 2015-02-06 19:46 - 00000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}
2015-02-05 19:40 - 2015-02-05 19:40 - 00000000 ____D () C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:31 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\mozilla firefox
2015-02-12 17:29 - 2011-12-21 12:44 - 00000000 ____D () C:\Users\Emily\AppData\Local\Adobe
2015-02-12 17:29 - 2010-07-06 22:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 17:29 - 2010-07-06 22:27 - 00000000 ____D () C:\Program Files\Adobe
2015-02-12 17:22 - 2013-10-07 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 17:21 - 2010-07-09 16:52 - 00000000 ____D () C:\Program Files\Java
2015-02-12 17:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 17:21 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 17:16 - 2013-11-15 18:21 - 00002504 _____ () C:\Windows\IE11_main.log
2015-02-12 16:49 - 2011-04-28 20:27 - 01859574 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 16:25 - 2010-07-07 19:31 - 00124094 _____ () C:\Windows\PFRO.log
2015-02-12 16:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 16:25 - 2009-07-14 05:39 - 00089258 _____ () C:\Windows\setupact.log
2015-02-11 19:40 - 2013-11-15 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 19:40 - 2011-05-20 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 19:40 - 2010-07-06 22:03 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 19:40 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 16:16 - 2013-08-06 16:01 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype
2015-02-11 16:14 - 2014-05-02 15:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-09 19:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-09 18:34 - 2011-05-20 12:37 - 00120360 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 18:32 - 2009-07-14 05:33 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 17:41 - 2010-07-06 21:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 20:26 - 2013-10-07 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-08 20:26 - 2013-10-07 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-08 20:19 - 2013-05-05 14:39 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 20:02 - 2013-09-28 16:08 - 00000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-02-07 17:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Globalization
2015-02-07 11:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-07 11:52 - 2009-07-14 03:03 - 59768832 _____ () C:\Windows\system32\config\software.bak
2015-02-07 11:52 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 17563648 _____ () C:\Windows\system32\config\system.bak
2015-02-07 11:51 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-02-07 11:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-06 22:58 - 2014-03-28 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.0
2015-02-06 22:58 - 2013-08-04 15:10 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\.minecraft
2015-02-06 22:58 - 2013-05-11 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-02-06 22:58 - 2013-02-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fessie
2015-02-06 22:58 - 2012-11-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-02-06 22:58 - 2010-08-09 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-02-06 22:58 - 2010-08-09 13:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 22:58 - 2010-08-09 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
2015-02-06 22:58 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 22:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-06 22:54 - 2011-11-06 17:20 - 00000000 ____D () C:\Program Files\Purplehills
2015-02-06 22:54 - 2011-04-28 22:44 - 00000000 ____D () C:\Program Files\Trend
2015-02-06 22:54 - 2011-04-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2015-02-06 22:54 - 2010-08-09 13:53 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 22:53 - 2013-05-11 08:35 - 00000000 ____D () C:\Program Files\LEGO Media
2015-02-06 22:53 - 2012-01-11 17:55 - 00000000 ___RD () C:\MSOCache
2015-02-06 22:53 - 2011-04-28 22:31 - 00000000 ____D () C:\Program Files\Disney Interactive Studios
2015-02-06 22:53 - 2010-08-09 13:13 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 22:53 - 2010-08-09 13:11 - 00000000 ____D () C:\Program Files\Medion MediaPack
2015-02-06 22:30 - 2011-04-28 20:33 - 00000000 ____D () C:\Users\Emily
2015-02-06 21:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-05 20:29 - 2010-08-09 13:53 - 00000000 ___HD () C:\Program Files\Temp

==================== Files in the root of some directories =======

2011-06-18 18:20 - 2011-06-18 18:20 - 0018392 _____ () C:\Users\Emily\AppData\Roaming\UserTile.png
2013-09-28 16:08 - 2015-02-08 20:02 - 0000181 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2014-01-03 18:58 - 2014-01-03 18:58 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-09-28 16:08 - 2014-02-01 15:57 - 0000005 _____ () C:\Users\Emily\AppData\Roaming\WBPU-TTL.DAT
2014-08-19 20:10 - 2014-08-19 20:10 - 0007605 _____ () C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2015-02-06 19:54 - 2015-02-06 19:54 - 0000000 _____ () C:\Users\Emily\AppData\Local\{E4B1F347-B7C4-4284-A73C-420E7EF7A75E}
2015-02-06 19:46 - 2015-02-06 19:46 - 0000000 _____ () C:\Users\Emily\AppData\Local\{F7B647A1-F642-40DB-B932-2963EFFCFED0}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-09 19:30

==================== End Of Log ============================
         
--- --- ---


LG Nailimixam

Antwort

Themen zu Win 7: Schwarzbildschirm nach Start des Computers
32-bit, antivirus, blackscreen nach windows start, bonjour, browser, computer, desktop, device driver, euro, firefox, flash player, google, helper, home, homepage, iexplore.exe, installation, kennworteingabe, launch, mozilla, newtab, nvpciflt.sys, object, realtek, registry, scan, schach, schwarzbildschirm, security, software, svchost.exe, system, werbung, win 7, windows



Ähnliche Themen: Win 7: Schwarzbildschirm nach Start des Computers


  1. WLAN-Netz bleibt selbst nach Zurücksetzen des Computers in der Liste der gesicherten Netze
    Plagegeister aller Art und deren Bekämpfung - 26.10.2015 (3)
  2. Meldung help file decrypt bei Start des Computers
    Plagegeister aller Art und deren Bekämpfung - 19.08.2015 (21)
  3. Physikalischer Speicher nach Start bei 40% und nach längerer Benutzung bei über 85%
    Log-Analyse und Auswertung - 13.07.2015 (29)
  4. Computers fährt nach hier empfohlenen Programmen nicht mehr hoch !
    Alles rund um Windows - 28.02.2015 (12)
  5. Windows: White Screen nach hochfahren des Computers
    Plagegeister aller Art und deren Bekämpfung - 24.03.2014 (22)
  6. RunDll Fehlermeldung beim Start des Computers
    Plagegeister aller Art und deren Bekämpfung - 14.02.2014 (14)
  7. Sicherheitscenter ist beim Start des Computers immer deaktiviert Windows 7
    Log-Analyse und Auswertung - 01.10.2013 (5)
  8. Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da
    Log-Analyse und Auswertung - 11.09.2013 (32)
  9. SoftwareUpdater.ui.exe will sich kurz nach dem Hochfahren des Computers öffnen
    Log-Analyse und Auswertung - 10.08.2013 (11)
  10. wssetup.exe von Perion Network Ltd. fragt nach jedem Hochfahren des Computers nach Bestätigung
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (10)
  11. Weißer Bildschirm nach Hochfahren des Computers. Windows XP Home Edition
    Plagegeister aller Art und deren Bekämpfung - 19.01.2013 (9)
  12. Nach Start Fehler nach Laden xxxx.dll Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 19.09.2011 (6)
  13. Extremes Problem - Schwarzbildschirm bei Spielen
    Log-Analyse und Auswertung - 16.02.2011 (18)
  14. Abschalten des Computers nach einiger Zeit, Windows 7
    Log-Analyse und Auswertung - 02.03.2010 (0)
  15. ise32 Meldung bei Start des Computers
    Plagegeister aller Art und deren Bekämpfung - 06.05.2009 (2)
  16. Trojaner auch nach Formatierung und Neuinstallation des Computers vorhanden! Was nun?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2009 (2)
  17. Nach dem Start
    Alles rund um Windows - 12.04.2006 (2)

Zum Thema Win 7: Schwarzbildschirm nach Start des Computers - Hallo zusammen, Mein PC lässt sich seit ein paar Monaten nach dem Start und der Kennworteingabe nicht mehr richtig steuern, da, anstatt dem Desktop nur noch ein Blackscreen zusehen ist... - Win 7: Schwarzbildschirm nach Start des Computers...
Archiv
Du betrachtest: Win 7: Schwarzbildschirm nach Start des Computers auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.