| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Quick Start NewTab" entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.04.2014, 22:23
| #1 |
 |  "Quick Start NewTab" entfernen Hallo liebe Community, Ich habe mir heute ein Spiel gedownloadet und anscheinend ein wenig Arbeit mitbekommen. Als erstes wars ein Browservirus, das 2. mal wieder. für diese könnte ich auf Chip.de lösungen finden und sie somit entfernen/deinstallieren. Jetzt stehe ich aber bei Quick Start NewTab an! Habe hier im Forum schonmal eine grobe Anleitung gelesen und Malewarebytes Anti Maleware installiert und scannen lassen, hier der LogFile: <?xml version="1.0" encoding="UTF-16"?> -<mbam-log> -<header> <date>2014/04/13 22:58:40 +0200</date> <log>mbam-log-2014-04-13 (22-48-49).xml</log> <isadmin>yes</isadmin> </header> -<engine> <version>2.00.1.1004</version> <rules-database>v2014.04.13.08</rules-database> <swissarmy-database>v2014.03.27.01</swissarmy-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> -<system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Sebastian</username> <filesys>NTFS</filesys> </system> -<summary> <type>threat</type> <result>completed</result> <objects>248658</objects> <time>589</time> <processes>3</processes> <modules>1</modules> <keys>95</keys> <values>4</values> <datas>17</datas> <folders>41</folders> <files>148</files> <sectors>0</sectors> </summary> -<options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <shuriken>enabled</shuriken> <pup>enabled</pup> <pum>enabled</pum> </options> -<items> -<process> <path>C:\ProgramData\WPM\wprotectmanager.exe</path> <vendor>PUP.Optional.WpManager</vendor> <action>delete-on-reboot</action> <pid>2984</pid> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </process> -<process> <path>C:\ProgramData\IePluginService\PluginService.exe</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>delete-on-reboot</action> <pid>2780</pid> <hash>66763aefd0ab8babbcbc163a44bd2ad6</hash> </process> -<process> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <pid>2896</pid> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </process> -<module> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </module> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm</path> <vendor>PUP.Optional.WpManager</vendor> <action>success</action> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WPM</path> <vendor>PUP.Optional.WpManager</vendor> <action>success</action> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </key> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>66763aefd0ab8babbcbc163a44bd2ad6</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}</path> <vendor>PUP.Optional.QuickShare.A</vendor> <action>success</action> <hash>528a52d72f4cbe78ccb4e7605ca6aa56</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}</path> <vendor>PUP.Optional.QuickShare.A</vendor> <action>success</action> <hash>528a52d72f4cbe78ccb4e7605ca6aa56</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3CFAF932-A9CB-4E59-99A0-FE04E9DF9328}</path> <vendor>PUP.Optional.NetTock.A</vendor> <action>success</action> <hash>b62608215427cc6a4fc854be12f0ab55</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CFAF932-A9CB-4E59-99A0-FE04E9DF9328}</path> <vendor>PUP.Optional.NetTock.A</vendor> <action>success</action> <hash>b62608215427cc6a4fc854be12f0ab55</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\TYPELIB\{363BB65D-1747-4826-B445-1DA6244E2037}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{363BB65D-1747-4826-B445-1DA6244E2037}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>6d6f46e391eacd698326de8c4db56b95</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>2bb130f9354646f00f9a86e422e0669a</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a13b5acf116a0d29f0b97af02bd79967</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>2bb175b4087364d22d7bf2781ee413ed</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4696c861fb80e84e0b9e3e2cf40e35cb</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>9745f534037873c3c6e3185203ffaf51</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>32aa67c28fec73c324854a2003ffc53b</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d00cb079c4b72115cddc432742c0966a</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>23b9a980b9c28da94d5c14560cf6a759</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a03c2702205b42f4b4f50268c43ed22e</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>20bc03267b00b97d4564ea80847e8779</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>14c8e5441a61dc5abeeb6bff12f00bf5</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>8b51d05997e483b3c5e4bcaec93906fa</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>5884bb6ebcbfe84efcadec7eb64c5fa1</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>e5f7ec3db6c5d75f38712149fc061ee2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>f4e8a1880b70b086654446240002ec14</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>09d383a64e2d95a1b6f3bcaea95944bc</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>7e5e28012853072fa801d991d0326d93</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>bb2155d45a21b185e5c44a208a78669a</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>459738f1b2c93600a7021a50b15151af</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>9f3d03261d5e56e010995e0c08fa03fd</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>716b5acf68131d192980b4b6cf3312ee</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>697338f1df9c49ed25843e2cc53d20e0</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>fedee346245725111f8afa70a85a9f61</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>20bca782afcc89ad9a0f51192bd706fa</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a4382900b9c27abcfdac5e0c4eb4c739</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>b428b178f586da5cfeabf2787b872ed2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>0dcf8b9e98e30b2b19906cfe847e19e7</hash> </key> -<key> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path> <vendor>PUP.Optional.Qone8</vendor> <action>success</action> <hash>845830f98bf04fe71521108afb08a957</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\DealPlyLive</path> <vendor>PUP.Optional.DealPly.A</vendor> <action>success</action> <hash>8c50b17885f6ae882ca2266906fdd828</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\InstallIQ</path> <vendor>PUP.Optional.InstallBrain.A</vendor> <action>success</action> <hash>4d8f9c8d9cdfe45216f9bbb707fb7f81</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>e1fbdb4e1c5f3cfa9f82e08b0cf68977</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>6e6e67c277043303dccd4e1cd131857b</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4498f237403b1521911874f6877b9a66</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>34a82bfeeb90ac8a2d7c3c2efd05ce32</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d903e9400f6c9d990a9eb0ba15ed8977</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>bb21ce5b0e6d072f2a7ff27825dd16ea</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>9943d8510f6c211500a9343662a035cb</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>bf1d56d3295222146b3edd8d33cfd729</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>16c686a3512a94a206a3f872bf43d62a</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>25b781a87b00f83eb9f068026d9545bb</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4795c861106b92a4edbc3a307c867f81</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d5072cfdee8db97d9514fa70e31f4ab6</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>508c5ccd92e97fb71297b2b8b54dee12</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4d8f01289edd73c3a2076307719107f9</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>dc000623abd0cf672e7b8cde49b9a858</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>f3e9cb5ea3d825112089fe6cd32fa15f</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>34a8e940f08b3402a70286e4649ee11f</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d9038f9a6d0e6ccadfca600a6f93ba46</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a73546e39ae10e289f0afd6d6b97c937</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>974566c39ddecd69efbab6b4d42ef808</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>29b3eb3e0b7062d45752b0ba5ca6e21e</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>34a806237cff290d7f2a5317ca38cb35</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>28b49891512a39fd1c8da4c68b7726da</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>499384a594e771c578311e4c877bc23e</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>be1ecf5a95e6c175d9d0f476fb079868</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>914b4edb601b1026357427438a78817f</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>1cc0c0693348b4820f9ae684bb4742be</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>1dbf8d9cbebd360018916bff48bae020</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>904c41e8304b54e2acfd3b2fb74b1ce4</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path> <vendor>PUP.Optional.Qone8</vendor> <action>success</action> <hash>07d5d4550b706ccabf7776244ab9a65a</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller</path> <vendor>PUP.Optional.BundleInstaller.A</vendor> <action>success</action> <hash>fedea089601b50e615a15f1651b13cc4</hash> </key> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdate</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdatem</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRICEMETERLIVEUPDATE.EXE</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRICEMETERLIVEUPDATE.EXE</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path> <vendor>PUP.Optional.InstallCore.A</vendor> <action>success</action> <hash>617bef3a3348340270bfbcbc36ccbc44</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path> <vendor>PUP.Optional.InstallCore.A</vendor> <action>success</action> <hash>d606012857245dd9d694f29cd92a718f</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path> <vendor>PUP.Optional.Qone8</vendor> <action>success</action> <hash>f6e609202f4c5dd9cf66d7c3c73c8f71</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<value> <path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path> <valuename>quick_start@gmail.com</valuename> <vendor>PUP.Optional.QuickStart.A</vendor> <action>success</action> <valuedata>C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\extensions\quick_start@gmail.com</valuedata> <hash>924a50d9c1ba65d1c7179fcc837f03fd</hash> </value> -<value> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM</path> <valuename>ImagePath</valuename> <vendor>PUP.Optional.WpManager.A</vendor> <action>success</action> <valuedata>C:\ProgramData\WPM\wprotectmanager.exe -service</valuedata> <hash>bf1d6cbd5d1e54e21202e0bfdd26e917</hash> </value> -<value> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path> <valuename>tb</valuename> <vendor>PUP.Optional.InstallCore.A</vendor> <action>success</action> <valuedata>0R2Y1I1P1N0J1U1C</valuedata> <hash>d606012857245dd9d694f29cd92a718f</hash> </value> -<value> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path> <valuename>ProxyServer</valuename> <vendor>PUM.Bad.Proxy</vendor> <action>success</action> <valuedata>http=127.0.0.1:13828</valuedata> <hash>0bd1bd6c9fdc75c189d106a1f310c838</hash> </value> -<data> <path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path> <valuename/> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>iexplore.exe</gooddata> <hash>29b390997803a98dfff8b46209fbb64a</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Start Page</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>b8245ccdd2a92b0bc13a73a3d1339070</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Search_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</valuedata> <baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>27b585a4b4c773c315e5070f7f851be5</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Page_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>efedd4555c1fe84ef702070f64a013ed</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path> <valuename>DefaultScope</valuename> <vendor>PUP.Optional.Qone8</vendor> <action>replaced</action> <valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata> <baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata> <gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata> <hash>904ce2477cff39fdd90ef030768e11ef</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path> <valuename/> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>iexplore.exe</gooddata> <hash>07d57dac7506013554a3c551ce368779</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Start Page</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>8c502900116aa690f60532e406fe7888</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Search_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</valuedata> <baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>6379b07984f716205e9c30e6da2a0bf5</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Page_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>8458cc5de893d462ac4d66b041c3c838</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path> <valuename>DefaultScope</valuename> <vendor>PUP.Optional.Qone8</vendor> <action>replaced</action> <valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata> <baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata> <gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata> <hash>18c49a8f572460d62fb8bf619a6abe42</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL</path> <valuename>Default</valuename> <vendor>PUP.Optional.SnapDo.A</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mwsk,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mwsk,&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>a9330d1c6f0c82b47e70120483814cb4</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Search Page</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>c5170c1d1e5d221494c37fa1e2227987</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Start Page</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>09d340e9fa8151e5ba05d24f7e86639d</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Search Bar</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>0bd16cbdabd03006aea844dcff05d32d</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path> <valuename>Default_Search_URL</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>cd0fad7cd9a2f04674e565bbf21217e9</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path> <valuename>SearchAssistant</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>32aa17121a6166d02a305fc1dd276799</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL</path> <valuename>Default</valuename> <vendor>PUP.Optional.SnapDo.A</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>ab319297493279bd08e78c8a3fc53cc4</hash> </data> -<folder> <path>C:\Program Files (x86)\SupTab</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\img</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\img\weather</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\en-US</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\es-419</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\es-ES</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\it-CH</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\it-IT</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\pl</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\pt</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\ru</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Local\WeatherAlerts</path> <vendor>PUP.Optional.WeatherAlerts</vendor> <action>success</action> <hash>6874ba6f82f946f0f1f988d434cecf31</hash> </folder> -<folder> <path>C:\ProgramData\IePluginService</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>delete-on-reboot</action> <hash>f2eab9706813f93d255b7fde986a5da3</hash> </folder> -<folder> <path>C:\ProgramData\IePluginService\update</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>f2eab9706813f93d255b7fde986a5da3</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\webssearches</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>38a416136d0e0c2a3d7b80e1986afe02</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\webssearches\images</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>38a416136d0e0c2a3d7b80e1986afe02</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\webssearches\log</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>38a416136d0e0c2a3d7b80e1986afe02</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\CrashReports</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Download</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Install</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline\{81687F83-A633-4063-8C92-7C0DCAFFF90B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\core.exe</path> <vendor>Adware.Bundle</vendor> <action>delete-on-reboot</action> <hash>eeee77b233486dc90e27f91dad54d62a</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\melc.exe</path> <vendor>Adware.Bundle</vendor> <action>delete-on-reboot</action> <hash>815bd752dba096a084b1cf472ad77b85</hash> </file> -<file> <path>C:\ProgramData\WPM\wprotectmanager.exe</path> <vendor>PUP.Optional.WpManager</vendor> <action>delete-on-reboot</action> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </file> -<file> <path>C:\ProgramData\IePluginService\PluginService.exe</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>delete-on-reboot</action> <hash>66763aefd0ab8babbcbc163a44bd2ad6</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\SupTab.dll</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\SupTab\SupTab.dll</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>6676ed3c1d5e78be86c4171ee81817e9</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\20575733.exe</path> <vendor>PUP.Optional.SafeInstall.A</vendor> <action>success</action> <hash>716be742a6d586b02f7b143279883cc4</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\21323253.exe</path> <vendor>PUP.Optional.SafeInstall.A</vendor> <action>success</action> <hash>a636cf5ad1aa81b5eac0bb8b946da15f</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\MediaPlayer__5647_il380.exe</path> <vendor>PUP.Optional.Amonetize.A</vendor> <action>success</action> <hash>3ba1c2674b303afcdd7cb38936cad12f</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fox.exe</path> <vendor>Adware.Bundle</vendor> <action>success</action> <hash>9646ec3df9828fa767ce869050b1738d</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\svhosts.exe</path> <vendor>Adware.Bundle</vendor> <action>success</action> <hash>27b5c762fa81af8742f36bab6e932bd5</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\instloffer.exe</path> <vendor>PUP.Optional.Vittalia</vendor> <action>success</action> <hash>924aae7b34471e18e6e8ff759d6414ec</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\alilog.dll</path> <vendor>PUP.Optional.SkyTech.A</vendor> <action>success</action> <hash>489441e8c4b761d5da3833fffe02f709</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\package1.zip</path> <vendor>PUP.Optional.SkyTech.A</vendor> <action>success</action> <hash>1dbf79b0d8a3ea4cd73b89a9cb35827e</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\tmp\SupTab.exe</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>b12b0f1aaecdc47298e09cb4728fe31d</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\tmp\wpm.exe</path> <vendor>PUP.Optional.WpManager</vendor> <action>success</action> <hash>ae2e36f3d9a2ed49527a3e1cbc45ef11</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\Phx8E12\DesktopWeatherAlertsSetup.exe</path> <vendor>PUP.Optional.WeatherAlerts.A</vendor> <action>success</action> <hash>49930e1bb4c7df5718588fbaa16303fd</hash> </file> -<file> <path>C:\Users\Sebastian\Downloads\installer_microsoft_picture_it_9_0_Deutsch.exe</path> <vendor>PUP.Optional.Vittalia</vendor> <action>success</action> <hash>c715f33695e6e94d1db34807bc4539c7</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\41\a18467.exe</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </file> -<file> <path>C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>f8e425044d2ef442d2d88bdf976b8080</hash> </file> -<file> <path>C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>0bd137f2f28991a5e3c78ddd49b98779</hash> </file> -<file> <path>C:\Windows\Tasks\PriceMeterUpdater.job</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>8b5155d48cef46f0eac1e28829d9d42c</hash> </file> -<file> <path>C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>fce087a286f5f442b370016a37cb58a8</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\searchplugins\Web Search.xml</path> <vendor>PUP.Optional.WebSearch.A</vendor> <action>success</action> <hash>31ab8c9d95e6f93dc621a7c619e93fc1</hash> </file> -<file> <path>C:\Windows\System32\roboot64.exe</path> <vendor>PUP.Optional.PCPerformer.A</vendor> <action>success</action> <hash>e1fb27020e6d54e226c3bdb4cc36867a</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\install.data</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\uninstall.exe</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\WebDataJs</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\data.html</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\indexIE.html</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\indexIE8.html</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\main.css</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\ver.txt</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\arrow.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\default_add_logo.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\default_logo.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\googlelogo.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\googlelogo2.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\google_trends.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\icon128.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\icon16.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\icon48.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\loading.gif</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\logo32.ico</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\search.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\sliders.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\weather\0.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\common.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\ga.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\ie8.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\js.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\library.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\xagainit.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Windows\Tasks\PassShow Update.job</path> <vendor>PUP.Optional.PassShow.A</vendor> <action>success</action> <hash>9448b6732e4d1a1cb75dec8c23dfbf41</hash> </file> -<file> <path>C:\Windows\Tasks\AmiUpdXp.job</path> <vendor>PUP.Software.Updater</vendor> <action>success</action> <hash>d00cc2676e0d7cba4784334c27dbe818</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </file> -<file> <path>C:\ProgramData\IePluginService\update\conf</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>f2eab9706813f93d255b7fde986a5da3</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\config.dat</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\info.dat</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\STTL.DAT</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\TTL.DAT</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_de.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_el.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_en-GB.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_en.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_es-419.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_es.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_et.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fa.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fi.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fil.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_gu.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hi.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hu.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_id.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_it.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_iw.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ja.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_kn.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ko.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_lt.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_lv.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ml.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_mr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ms.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_nl.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_no.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pl.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pt-BR.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pt-PT.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ro.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_am.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ar.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_bg.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_bn.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ca.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_cs.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sk.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sl.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sv.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sw.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ta.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_te.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_th.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_tr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_uk.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ur.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_vi.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-CN.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-TW.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdate.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateBroker.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHandler.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHelper.msi</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateOnDemand.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psmachine.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psuser.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_da.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_is.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ru.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\rundll32.exe</path> <vendor>Heuristics.Reserved.Word.Exploit</vendor> <action>success</action> <hash>38a42dfc0774de58903fec35966ec040</hash> </file> </items> </mbam-log> Dann noch mit ADWCLeaner drüber, hier der logFile: # AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 23:16:02 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits) # Benutzername : Sebastian - SEBASTIAN-PC # Gestartet von : C:\Users\Sebastian\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\smart pc cleaner Ordner Gelöscht : C:\Users\SEBAST~1\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\Sebastian\Documents\smart pc cleaner Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\user.js ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\IePlugin Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\Vittalia Schlüssel Gelöscht : HKLM\Software\Wpm ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\prefs.js ] Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true); Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3); Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0); Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 13); Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1397239562309"); Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15); Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "126436"); Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "at"); Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "vertitechnologyybch"); Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/www.superfish.com\\\\\\/ws\\\\\\/[...] Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false"); Zeile gelöscht : user_pref("extensions.helperbar.installationid", "da50b1bf-5fd6-ed05-535b-a3825fd7922b"); Zeile gelöscht : user_pref("extensions.helperbar.installdate", "13/04/2014"); Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1397412362"); Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1397412373194"); Zeile gelöscht : user_pref("extensions.helperbar.publisher", "vertitechnologyyb"); ************************* AdwCleaner[R0].txt - [6583 octets] - [13/04/2014 23:14:15] AdwCleaner[S0].txt - [5722 octets] - [13/04/2014 23:16:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5782 octets] ########## Wie gehts jetzt weiter? mfg Sebastian |
|
14.04.2014, 07:47
| #2 |
| /// Malwareteam   | "Quick Start NewTab" entfernen Hallo
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
14.04.2014, 23:18
| #3 |
| | "Quick Start NewTab" entfernen Servus, danke für die schnelle Hilfe!
__________________Normal: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by Sebastian (administrator) on SEBASTIAN-PC on 15-04-2014 00:13:35 Running from C:\Users\Sebastian\Desktop Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\PassShow-soft\PassShowZTw158.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (Realtek) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWlan.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Dropbox, Inc.) C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-06] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\Run: [PriceMeterW] => "C:\Users\Sebastian\AppData\Local\PriceMeter\pricemeterw.exe" HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {bf4338b3-4965-11e3-8b45-00252233bbc3} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {bf433ad0-4965-11e3-8b45-00252233bbc3} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {c7015693-2dba-11e3-a0e1-806e6f6e6963} - D:\Setup.exe Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE14222FE4557CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default FF Homepage: www.google.at FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube HD - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-07] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-10-07] FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-06] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PassShow; C:\Program Files (x86)\PassShow-soft\PassShowZTw158.exe [131584 2014-04-13] () R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) R2 RealtekUSB; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2007-07-28] (Realtek) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 00:13 - 2014-04-15 00:13 - 00011377 _____ () C:\Users\Sebastian\Desktop\FRST.txt 2014-04-15 00:13 - 2014-04-15 00:13 - 00000000 ____D () C:\FRST 2014-04-15 00:12 - 2014-04-15 00:12 - 02054144 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-14 14:54 - 2014-04-14 14:54 - 00006716 _____ () C:\Users\Sebastian\Downloads\All_Unlocked.zip 2014-04-13 23:19 - 2014-04-13 23:19 - 00005886 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S0].txt 2014-04-13 23:13 - 2014-04-13 23:16 - 00000000 ____D () C:\AdwCleaner 2014-04-13 23:12 - 2014-04-13 23:12 - 01426178 _____ () C:\Users\Sebastian\Desktop\adwcleaner.exe 2014-04-13 22:59 - 2014-04-13 22:58 - 00147356 _____ () C:\Users\Sebastian\Desktop\malewarelog.xml 2014-04-13 22:23 - 2014-04-14 22:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-13 22:23 - 2014-04-13 22:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-13 22:23 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-13 22:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-13 22:23 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-13 22:18 - 2014-04-13 22:18 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-04-13 22:05 - 2014-04-13 22:05 - 00003174 _____ () C:\Windows\System32\Tasks\{B3F1DDD1-0F5F-4DB1-A25C-44046648AB80} 2014-04-13 21:54 - 2014-04-14 21:55 - 00000398 _____ () C:\Windows\Tasks\PassShow_wd.job 2014-04-13 21:54 - 2014-04-14 21:20 - 00000000 ____D () C:\Program Files (x86)\PassShow-soft 2014-04-13 21:54 - 2014-04-13 21:54 - 00002994 _____ () C:\Windows\System32\Tasks\PassShow_wd 2014-04-13 21:54 - 2014-04-13 21:54 - 00000000 ____D () C:\Program Files (x86)\VIO Player 2014-04-13 21:27 - 2014-04-13 21:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-13 21:24 - 2014-04-13 22:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\41 2014-04-13 21:07 - 2014-04-14 23:44 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\NFS Underground 2 2014-04-13 21:06 - 2004-10-26 01:37 - 05987981 _____ () C:\Users\Sebastian\Desktop\speed2.exe 2014-04-13 21:03 - 2014-04-13 21:03 - 00002208 _____ () C:\Users\Public\Desktop\Need for Speed Underground 2.lnk 2014-04-13 20:54 - 2014-04-13 20:54 - 00000000 ____D () C:\Program Files (x86)\EA GAMES 2014-04-13 20:29 - 2014-04-13 22:05 - 00001164 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-13 20:21 - 2014-04-13 20:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-13 20:20 - 2014-04-13 20:21 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp 2014-04-11 21:25 - 2014-04-11 21:25 - 28351555 _____ () C:\Users\Sebastian\Desktop\▶ My BMW E30 ALPINA C2 2.5 track car teaser - YouTube [720p].mp4 2014-04-11 17:04 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-11 17:04 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-11 17:04 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-11 17:04 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-11 17:03 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-11 17:03 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-11 17:03 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-11 17:03 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-11 17:03 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-11 17:03 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-11 17:03 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-11 17:03 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-11 17:03 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-11 17:03 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-11 17:03 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-11 17:03 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 22:06 - 2014-04-08 22:06 - 00041804 _____ () C:\Users\Sebastian\Desktop\Stückholzheizung & Pufferspeicher.pptx 2014-04-02 16:48 - 2014-04-02 16:48 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games 2014-04-02 16:39 - 2014-04-02 16:39 - 00002315 _____ () C:\Users\Public\Desktop\Goat Simulator.lnk 2014-04-02 16:39 - 2014-04-02 16:39 - 00000000 ____D () C:\Program Files (x86)\Goat Simulator 2014-04-02 16:20 - 2014-04-02 16:20 - 00000000 ____D () C:\Users\Sebastian\Desktop\schön 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Windows\de 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-03-30 21:40 - 2014-03-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-03-30 21:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-03-30 21:39 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-03-30 21:39 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-03-30 21:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-03-30 21:37 - 2014-03-30 21:42 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Windows Live 2014-03-30 21:34 - 2014-03-30 21:36 - 142602520 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\wlsetup-all_16.4.3508.0205.exe 2014-03-30 21:03 - 2014-04-03 03:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-03-30 21:02 - 2014-04-03 03:00 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-30 21:02 - 2014-04-03 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-03-30 21:00 - 2014-03-30 21:01 - 13697720 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\mseinstall(1).exe 2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 19:34 - 2014-03-30 19:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Driftsession 31.01.2014 2014-03-26 17:38 - 2014-03-30 19:37 - 00000078 _____ () C:\Users\Sebastian\AppData\Roaming\WB.CFG 2014-03-26 16:42 - 2014-03-26 16:43 - 00000000 ____D () C:\Users\Sebastian\Desktop\alt 2014-03-26 16:42 - 2014-03-26 16:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\mopeds 2014-03-26 16:41 - 2014-04-02 16:47 - 00000000 ____D () C:\Users\Sebastian\Desktop\schule 2014-03-26 16:40 - 2014-03-30 20:59 - 00003688 _____ () C:\Windows\System32\Tasks\pricemeterwatcher 2014-03-26 16:40 - 2014-03-30 20:59 - 00003680 _____ () C:\Windows\System32\Tasks\pricemetertask 2014-03-26 16:37 - 2014-03-26 16:37 - 00003324 _____ () C:\Windows\System32\Tasks\pricemeterdownloader 2014-03-26 16:37 - 2014-03-26 16:37 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-26 16:35 - 2014-03-26 16:35 - 00634288 _____ () C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe 2014-03-26 16:19 - 2014-03-26 16:25 - 301111156 _____ () C:\Users\Sebastian\Downloads\Reparaturanleitungen_E30_www.e30-forever.de.rar 2014-03-26 14:29 - 2014-03-26 14:29 - 10452996 _____ () C:\Users\Sebastian\Downloads\Photos_downloaded_by_AirDroid(11).zip ==================== One Month Modified Files and Folders ======= 2014-04-15 00:13 - 2014-04-15 00:13 - 00011377 _____ () C:\Users\Sebastian\Desktop\FRST.txt 2014-04-15 00:13 - 2014-04-15 00:13 - 00000000 ____D () C:\FRST 2014-04-15 00:12 - 2014-04-15 00:12 - 02054144 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe 2014-04-14 23:44 - 2014-04-13 21:07 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\NFS Underground 2 2014-04-14 23:39 - 2013-10-05 14:39 - 01548942 _____ () C:\Windows\WindowsUpdate.log 2014-04-14 23:17 - 2013-10-06 11:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-14 22:01 - 2014-04-13 22:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-14 21:55 - 2014-04-13 21:54 - 00000398 _____ () C:\Windows\Tasks\PassShow_wd.job 2014-04-14 21:47 - 2009-07-14 06:50 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-14 21:47 - 2009-07-14 06:50 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-14 21:44 - 2013-10-06 12:30 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-04-14 21:44 - 2013-10-06 12:30 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-04-14 21:44 - 2009-07-14 07:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-14 21:40 - 2013-10-28 20:34 - 00000000 ___RD () C:\Users\Sebastian\Dropbox 2014-04-14 21:40 - 2013-10-28 20:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Dropbox 2014-04-14 21:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-14 21:39 - 2009-07-14 06:56 - 00031615 _____ () C:\Windows\setupact.log 2014-04-14 21:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-14 21:20 - 2014-04-13 21:54 - 00000000 ____D () C:\Program Files (x86)\PassShow-soft 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-14 14:54 - 2014-04-14 14:54 - 00006716 _____ () C:\Users\Sebastian\Downloads\All_Unlocked.zip 2014-04-13 23:19 - 2014-04-13 23:19 - 00005886 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S0].txt 2014-04-13 23:16 - 2014-04-13 23:13 - 00000000 ____D () C:\AdwCleaner 2014-04-13 23:16 - 2013-10-05 18:42 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-13 23:12 - 2014-04-13 23:12 - 01426178 _____ () C:\Users\Sebastian\Desktop\adwcleaner.exe 2014-04-13 23:00 - 2013-10-06 12:26 - 00159188 _____ () C:\Windows\PFRO.log 2014-04-13 22:58 - 2014-04-13 22:59 - 00147356 _____ () C:\Users\Sebastian\Desktop\malewarelog.xml 2014-04-13 22:58 - 2014-04-13 21:24 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\41 2014-04-13 22:58 - 2009-07-14 07:38 - 00000000 ____D () C:\Windows\Performance 2014-04-13 22:23 - 2014-04-13 22:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-13 22:18 - 2014-04-13 22:18 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-04-13 22:05 - 2014-04-13 22:05 - 00003174 _____ () C:\Windows\System32\Tasks\{B3F1DDD1-0F5F-4DB1-A25C-44046648AB80} 2014-04-13 22:05 - 2014-04-13 20:29 - 00001164 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-13 22:05 - 2013-10-05 14:44 - 00001425 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-13 21:54 - 2014-04-13 21:54 - 00002994 _____ () C:\Windows\System32\Tasks\PassShow_wd 2014-04-13 21:54 - 2014-04-13 21:54 - 00000000 ____D () C:\Program Files (x86)\VIO Player 2014-04-13 21:27 - 2014-04-13 21:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-13 21:27 - 2013-10-09 18:01 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-13 21:03 - 2014-04-13 21:03 - 00002208 _____ () C:\Users\Public\Desktop\Need for Speed Underground 2.lnk 2014-04-13 21:03 - 2013-11-09 12:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-04-13 20:54 - 2014-04-13 20:54 - 00000000 ____D () C:\Program Files (x86)\EA GAMES 2014-04-13 20:51 - 2009-07-14 06:50 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-13 20:49 - 2013-10-06 09:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\uTorrent 2014-04-13 20:28 - 2013-10-05 16:22 - 00109280 _____ () C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-13 20:21 - 2014-04-13 20:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-13 20:21 - 2014-04-13 20:20 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp 2014-04-13 20:21 - 2013-11-09 22:44 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\HTC 2014-04-13 20:21 - 2013-11-09 22:38 - 00000000 ____D () C:\ProgramData\HTC 2014-04-13 20:17 - 2013-10-05 14:44 - 00000000 ___RD () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-11 23:35 - 2013-10-09 19:17 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-11 23:34 - 2013-10-06 10:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 23:33 - 2013-10-06 10:34 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-11 22:26 - 2014-02-25 22:56 - 00000000 ____D () C:\Users\Sebastian\Desktop\mein e30 2014-04-11 21:25 - 2014-04-11 21:25 - 28351555 _____ () C:\Users\Sebastian\Desktop\▶ My BMW E30 ALPINA C2 2.5 track car teaser - YouTube [720p].mp4 2014-04-08 22:06 - 2014-04-08 22:06 - 00041804 _____ () C:\Users\Sebastian\Desktop\Stückholzheizung & Pufferspeicher.pptx 2014-04-03 09:51 - 2014-04-13 22:23 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-13 22:23 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-13 22:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-03 03:01 - 2014-03-30 21:03 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-03 03:00 - 2014-03-30 21:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-03 03:00 - 2014-03-30 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-02 16:48 - 2014-04-02 16:48 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games 2014-04-02 16:47 - 2014-03-26 16:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\schule 2014-04-02 16:39 - 2014-04-02 16:39 - 00002315 _____ () C:\Users\Public\Desktop\Goat Simulator.lnk 2014-04-02 16:39 - 2014-04-02 16:39 - 00000000 ____D () C:\Program Files (x86)\Goat Simulator 2014-04-02 16:20 - 2014-04-02 16:20 - 00000000 ____D () C:\Users\Sebastian\Desktop\schön 2014-03-31 21:58 - 2013-10-27 23:12 - 00000000 ____D () C:\Users\Sebastian\Downloads\Neuer Ordner (2) 2014-03-31 21:13 - 2013-10-05 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-31 03:16 - 2014-04-11 17:04 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-11 17:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-11 17:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-11 17:04 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 21:42 - 2014-03-30 21:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Windows Live 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Windows\de 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-03-30 21:41 - 2014-03-30 21:40 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-03-30 21:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-30 21:38 - 2013-10-27 19:10 - 00010506 _____ () C:\Windows\DirectX.log 2014-03-30 21:36 - 2014-03-30 21:34 - 142602520 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\wlsetup-all_16.4.3508.0205.exe 2014-03-30 21:33 - 2013-11-26 19:49 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-03-30 21:01 - 2014-03-30 21:00 - 13697720 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\mseinstall(1).exe 2014-03-30 20:59 - 2014-03-26 16:40 - 00003688 _____ () C:\Windows\System32\Tasks\pricemeterwatcher 2014-03-30 20:59 - 2014-03-26 16:40 - 00003680 _____ () C:\Windows\System32\Tasks\pricemetertask 2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 19:37 - 2014-03-30 19:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Driftsession 31.01.2014 2014-03-30 19:37 - 2014-03-26 17:38 - 00000078 _____ () C:\Users\Sebastian\AppData\Roaming\WB.CFG 2014-03-26 16:43 - 2014-03-26 16:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\alt 2014-03-26 16:42 - 2014-03-26 16:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\mopeds 2014-03-26 16:37 - 2014-03-26 16:37 - 00003324 _____ () C:\Windows\System32\Tasks\pricemeterdownloader 2014-03-26 16:37 - 2014-03-26 16:37 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-26 16:35 - 2014-03-26 16:35 - 00634288 _____ () C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe 2014-03-26 16:25 - 2014-03-26 16:19 - 301111156 _____ () C:\Users\Sebastian\Downloads\Reparaturanleitungen_E30_www.e30-forever.de.rar 2014-03-26 14:29 - 2014-03-26 14:29 - 10452996 _____ () C:\Users\Sebastian\Downloads\Photos_downloaded_by_AirDroid(11).zip Some content of TEMP: ==================== C:\Users\Sebastian\AppData\Local\Temp\2520425.exe C:\Users\Sebastian\AppData\Local\Temp\271nohh3x3427.jpg.exe C:\Users\Sebastian\AppData\Local\Temp\511nohh3x3451.jpg.exe C:\Users\Sebastian\AppData\Local\Temp\7za.exe C:\Users\Sebastian\AppData\Local\Temp\AutoRun.exe C:\Users\Sebastian\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Sebastian\AppData\Local\Temp\PriceMeterUpdateVer.exe C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe C:\Users\Sebastian\AppData\Local\Temp\setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-11 18:18 ==================== End Of Log ============================ Additional: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Sebastian at 2014-04-15 00:14:12
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC53C6A4-1CC4-48A5-91F3-565BB7978B22}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.31.325 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.31.325 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.23.0 - PriceMeter) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Paintball2 Alpha build 38 (HKLM-x32\...\Paintball2) (Version: Alpha build 38 - Digital Paint)
PassShow (HKLM-x32\...\D5C320BC-AE5F-BFA2-18C1-C6FAD2F7C387) (Version: - PassShow-software) <==== ATTENTION
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Ralink Wireless LAN Card (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.01 - RALINK)
REALTEK USB Wireless LAN Driver and Utility (HKLM-x32\...\{BE686891-3C56-4714-AFEF-341A7867BA80}) (Version: Package:1.00.0018 Driver:6.1108.1108.2007 UI:0.0.0.0 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0139 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8E076AE6-4E29-4056-A13F-70CC8F433FB5}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
Update for PriceMeter (HKCU\...\PriceMeterUpdater) (Version: - Update for PriceMeter) <==== ATTENTION
VIO Player version 2.0 (HKLM-x32\...\{BD85D232-E96C-4E66-AA73-37B85925CB23}_is1) (Version: 2.0 - VIO PLayer)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
==================== Restore Points =========================
18-03-2014 21:39:00 Windows Update
23-03-2014 19:58:39 Windows Update
30-03-2014 17:39:22 Windows Update
30-03-2014 19:37:36 Windows Live Essentials
30-03-2014 19:38:33 DirectX wurde installiert
30-03-2014 19:39:00 DirectX wurde installiert
30-03-2014 19:39:23 DirectX wurde installiert
30-03-2014 19:40:20 WLSetup
03-04-2014 01:00:12 Windows Update
06-04-2014 14:42:59 Windows Update
11-04-2014 15:03:34 Windows Update
11-04-2014 21:32:36 Windows Update
14-04-2014 13:35:33 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {084B89D5-4F81-471C-A755-53AFD40B4A50} - System32\Tasks\pricemeterdownloader => C:\Users\Sebastian\AppData\Local\PriceMeter\pricemeterd.exe
Task: {1B5A9758-3207-45D7-87CB-09BEE7751A33} - System32\Tasks\pricemetertask => C:\Users\Sebastian\AppData\Local\PriceMeter\pricemeter.exe
Task: {282C047E-69B6-4910-99CE-6C0DBE30FB17} - System32\Tasks\PassShow_wd => C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe [2014-04-13] () <==== ATTENTION
Task: {8516C06A-92D6-40D3-80E1-4543DC8A8D3B} - System32\Tasks\pricemeterwatcher => C:\Users\Sebastian\AppData\Local\PriceMeter\pricemeterw.exe
Task: {F1BA0AC6-12E1-4EBA-95D5-EDEC7C5BED80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PassShow_wd.job => C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-10-08 10:34 - 2013-10-08 10:34 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-13 21:54 - 2014-04-13 21:54 - 00131584 _____ () C:\Program Files (x86)\PassShow-soft\PassShowZTw158.exe
2012-12-07 19:27 - 2012-12-07 19:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-04-13 21:54 - 2014-04-13 21:54 - 00077312 _____ () C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-08 10:34 - 2013-10-08 10:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-13 21:54 - 2014-04-13 21:54 - 00133120 _____ () C:\Program Files (x86)\PassShow-soft\PassShowZTw158.dll
2013-10-05 18:36 - 2009-08-28 17:38 - 00131072 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-05 15:20 - 2006-10-27 14:30 - 00131072 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-30 20:30 - 2014-03-30 20:30 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 18:17 - 2014-03-12 18:17 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2014 08:18:24 PM) (Source: Microsoft-Windows-RestartManager) (User: Sebastian-PC)
Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden.
Error: (03/30/2014 09:12:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.
Error: (02/16/2014 05:11:51 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 324
Startzeit: 01cf2b246508f89c
Endzeit: 34
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: a7fb5fd6-971c-11e3-bca4-00252233bbc3
Error: (01/17/2014 05:57:55 PM) (Source: MsiInstaller) (User: Sebastian-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (01/04/2014 10:07:02 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a30
Startzeit: 01cf098563267ccd
Endzeit: 27
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: c45fc6a5-757b-11e3-83c1-00252233bbc3
Error: (12/18/2013 09:52:47 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9d8
Startzeit: 01cefc29a3ca588a
Endzeit: 345
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: c87fafe6-681d-11e3-8cf2-00252233bbc3
Error: (11/22/2013 11:20:46 PM) (Source: Application Hang) (User: )
Description: Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16f0
Startzeit: 01cee7c8a8cc1ecf
Endzeit: 16
Anwendungspfad: C:\Windows\system32\DllHost.exe
Berichts-ID: f09977fd-53bb-11e3-89b9-00252233bbc3
Error: (11/09/2013 01:02:13 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16720 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e0c
Startzeit: 01cedd3b205be52e
Endzeit: 7
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (11/09/2013 00:39:54 PM) (Source: MsiInstaller) (User: Sebastian-PC)
Description: Product: AMD Media Foundation Decoders -- Error 1904.Module C:\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll failed to register. HRESULT -2147024770. Contact your support personnel.
Error: (11/09/2013 00:38:23 PM) (Source: MsiInstaller) (User: Sebastian-PC)
Description: Product: AMD Drag and Drop Transcoding -- Error 1904.Module C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia\AMDMFTVideoDecoder_32.dll failed to register. HRESULT -2147024770. Contact your support personnel.
System errors:
=============
Error: (04/14/2014 09:39:14 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (04/14/2014 09:39:29 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.04.2014 um 21:31:28 unerwartet heruntergefahren.
Error: (04/14/2014 08:12:28 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (04/14/2014 02:33:51 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (04/13/2014 11:18:30 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (04/13/2014 11:00:54 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (04/13/2014 10:04:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Surftastic" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/13/2014 08:50:48 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (04/13/2014 08:48:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update NetTock" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/13/2014 07:56:47 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (04/13/2014 08:18:24 PM) (Source: Microsoft-Windows-RestartManager)(User: Sebastian-PC)
Description: 1C:\Program Files (x86)\LPT\linmsl.exelinmsl0511785360
Error: (03/30/2014 09:12:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
Error: (02/16/2014 05:11:51 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756732401cf2b246508f89c34C:\Windows\Explorer.EXEa7fb5fd6-971c-11e3-bca4-00252233bbc3
Error: (01/17/2014 05:57:55 PM) (Source: MsiInstaller)(User: Sebastian-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)
Error: (01/04/2014 10:07:02 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567a3001cf098563267ccd27C:\Windows\Explorer.EXEc45fc6a5-757b-11e3-83c1-00252233bbc3
Error: (12/18/2013 09:52:47 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175679d801cefc29a3ca588a345C:\Windows\Explorer.EXEc87fafe6-681d-11e3-8cf2-00252233bbc3
Error: (11/22/2013 11:20:46 PM) (Source: Application Hang)(User: )
Description: DllHost.exe6.1.7600.1638516f001cee7c8a8cc1ecf16C:\Windows\system32\DllHost.exef09977fd-53bb-11e3-89b9-00252233bbc3
Error: (11/09/2013 01:02:13 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16720e0c01cedd3b205be52e7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (11/09/2013 00:39:54 PM) (Source: MsiInstaller)(User: Sebastian-PC)
Description: Product: AMD Media Foundation Decoders -- Error 1904.Module C:\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll failed to register. HRESULT -2147024770. Contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/09/2013 00:38:23 PM) (Source: MsiInstaller)(User: Sebastian-PC)
Description: Product: AMD Drag and Drop Transcoding -- Error 1904.Module C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia\AMDMFTVideoDecoder_32.dll failed to register. HRESULT -2147024770. Contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 4095.3 MB
Available physical RAM: 1975.81 MB
Total Pagefile: 8188.79 MB
Available Pagefile: 5712.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:118.61 GB) NTFS
Drive d: (NFSUG2_DISK1) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 38843C19)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
15.04.2014, 10:04
| #4 |
| /// Malwareteam | "Quick Start NewTab" entfernen Hallo dann gehen wir die Baustelle einmal an. Du in deinen Tempfiles einiges an Bildern die keine Bilder sonder Programme sind. Code:
ATTFilter C:\Users\***\AppData\Local\Temp\271nohh3x3427.jpg.exe
C:\Users\***\AppData\Local\Temp\511nohh3x3451.jpg.exe
Schritt 1: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Update for PriceMeter (HKCU\...\PriceMeterUpdater) (Version: - Update for PriceMeter) <==== ATTENTION
PassShow (HKLM-x32\...\D5C320BC-AE5F-BFA2-18C1-C6FAD2F7C387) (Version: - PassShow-software) <==== ATTENTION
Task: C:\Windows\Tasks\PassShow_wd.job => C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe <==== ATTENTION
Task: {282C047E-69B6-4910-99CE-6C0DBE30FB17} - System32\Tasks\PassShow_wd => C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe [2014-04-13] () <==== ATTENTION
C:\Program Files (x86)\PassShow-soft\
C:\Users\***\AppData\Local\Temp\271nohh3x3427.jpg.exe
C:\Users\***\AppData\Local\Temp\511nohh3x3451.jpg.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 3: Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4: ESET Online Scanner
Schritt 5: erstelle ein neues FRST Logfile und poste es hier |
|
15.04.2014, 16:37
| #5 |
| | "Quick Start NewTab" entfernen Servus, nach dem Neustart bei Punkt 1 kann ich nun mit dem PC nichtmehr ins Internet, weil "der Proxy-Server die Verbindung verweigert". Wie kann ich das Lösen? Kann natürlich erst dann mit dem eigentlichen Arbeiten anfangen  Mfg |
|
16.04.2014, 13:14
| #6 |
| /// Malwareteam | "Quick Start NewTab" entfernen Hi hattest du selbst einen Proxy Server eingestellt? Welchen Browser verwendest du?
__________________ --> "Quick Start NewTab" entfernen Geändert von Aneri (16.04.2014 um 13:27 Uhr) |
|
16.04.2014, 15:22
| #7 |
| /// Malwareteam | "Quick Start NewTab" entfernen Folge der anleitung etwas abgewandelt. erstelle das Script auf einem anderen Rechner und kopiere es per USB-Stick auf den Rechner der infiziert ist. PROXY RESET Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Geändert von Aneri (16.04.2014 um 15:59 Uhr) |
|
16.04.2014, 21:51
| #8 |
| | "Quick Start NewTab" entfernen Dankeschön! Hier der Fixlog vom Proxy: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014
Ran by Sebastian at 2014-04-16 19:10:38 Run:2
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer Proxy is enabled.
ProxyServer: http=127.0.0.1:13828
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
==== End of Fixlog ====
FixLog von Nr 1: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 01
Ran by Sebastian at 2014-04-16 19:23:08 Run:3
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Update for PriceMeter (HKCU\...\PriceMeterUpdater) (Version: - Update for PriceMeter) <==== ATTENTION
PassShow (HKLM-x32\...\D5C320BC-AE5F-BFA2-18C1-C6FAD2F7C387) (Version: - PassShow-software) <==== ATTENTION
Task: C:\Windows\Tasks\PassShow_wd.job => C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe <==== ATTENTION
Task: {282C047E-69B6-4910-99CE-6C0DBE30FB17} - System32\Tasks\PassShow_wd => C:\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe [2014-04-13] () <==== ATTENTION
C:\Program Files (x86)\PassShow-soft\
C:\Users\***\AppData\Local\Temp\271nohh3x3427.jpg.exe
C:\Users\***\AppData\Local\Temp\511nohh3x3451.jpg.exe
*****************
C:\Windows\Tasks\PassShow_wd.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{282C047E-69B6-4910-99CE-6C0DBE30FB17} => Key deleted successfully.
C:\Windows\System32\Tasks\PassShow_wd not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PassShow_wd => Key deleted successfully.
"C:\Program Files (x86)\PassShow-soft" => File/Directory not found.
"C:\Users\***\AppData\Local\Temp\271nohh3x3427.jpg.exe" => File/Directory not found.
"C:\Users\***\AppData\Local\Temp\511nohh3x3451.jpg.exe" => File/Directory not found.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d7d6f6dc4838de49a8910cbce5103c45
# engine=17916
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-16 06:54:58
# local_time=2014-04-16 08:54:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1473297 149304348 0 0
# scanned=35492
# found=2
# cleaned=0
# scan_time=1931
sh=C44865B072CDCAE94BB4500D0FF2CA91FC7F0F88 ft=1 fh=bbe65f71b981bb14 vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe.xBAD"
sh=9321EF62E1A21AAE3F4C4EB5BE0F12F76F375D6D ft=1 fh=548c65a70f69891a vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\PassShow-soft\Uninstall.exe.xBAD"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d7d6f6dc4838de49a8910cbce5103c45
# engine=17916
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-16 08:29:40
# local_time=2014-04-16 10:29:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1478979 149310030 0 0
# scanned=140728
# found=3
# cleaned=0
# scan_time=5643
sh=C44865B072CDCAE94BB4500D0FF2CA91FC7F0F88 ft=1 fh=bbe65f71b981bb14 vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\PassShow-soft\PassShowZTwzBw.exe.xBAD"
sh=9321EF62E1A21AAE3F4C4EB5BE0F12F76F375D6D ft=1 fh=548c65a70f69891a vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\PassShow-soft\Uninstall.exe.xBAD"
sh=C7CF6F62C6579B1EA5FB8B77AD4DAC91A7F61542 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.VB.QLS trojan" ac=I fn="C:\Users\Sebastian\Desktop\schön\neu\Need For Speed Underground 2\Need For Speed Underground 2 cd1.iso"
Erneuter FRST Log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02 Ran by Sebastian (administrator) on SEBASTIAN-PC on 16-04-2014 22:49:25 Running from C:\Users\Sebastian\Desktop Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWlan.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Dropbox, Inc.) C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-06] (Microsoft Corporation) HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\Run: [PriceMeterW] => "C:\Users\Sebastian\AppData\Local\PriceMeter\pricemeterw.exe" HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {93e82d8e-68c3-11e3-842d-00252233bbc3} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {bf4338b3-4965-11e3-8b45-00252233bbc3} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {bf433ad0-4965-11e3-8b45-00252233bbc3} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1609159171-3726035027-2611498187-1000\...\MountPoints2: {c7015693-2dba-11e3-a0e1-806e6f6e6963} - D:\Setup.exe Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE14222FE4557CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default FF Homepage: www.google.at FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube HD - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-07] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-10-07] FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-06] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) R2 RealtekUSB; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2007-07-28] (Realtek) S2 PassShow; C:\Program Files (x86)\PassShow-soft\PassShowZTw158.exe [X] ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 22:49 - 2014-04-16 22:49 - 00000000 ____D () C:\Users\Sebastian\Desktop\FRST-OlderVersion 2014-04-16 20:53 - 2014-04-16 20:54 - 00000000 ____D () C:\Users\Sebastian\Desktop\moped 2014-04-16 20:19 - 2014-04-16 20:19 - 02347384 _____ (ESET) C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe 2014-04-16 19:59 - 2014-04-16 19:59 - 00001605 _____ () C:\Users\Sebastian\Desktop\mbam.txt 2014-04-16 19:24 - 2014-04-16 19:25 - 00448512 _____ (OldTimer Tools) C:\Users\Sebastian\Desktop\TFC.exe 2014-04-15 00:14 - 2014-04-15 00:15 - 00033182 _____ () C:\Users\Sebastian\Desktop\Addition.txt 2014-04-15 00:13 - 2014-04-16 22:49 - 00010981 _____ () C:\Users\Sebastian\Desktop\FRST.txt 2014-04-15 00:13 - 2014-04-16 22:49 - 00000000 ____D () C:\FRST 2014-04-15 00:12 - 2014-04-16 22:49 - 02158592 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-14 14:54 - 2014-04-14 14:54 - 00006716 _____ () C:\Users\Sebastian\Downloads\All_Unlocked.zip 2014-04-13 23:19 - 2014-04-13 23:19 - 00005886 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S0].txt 2014-04-13 23:13 - 2014-04-13 23:16 - 00000000 ____D () C:\AdwCleaner 2014-04-13 23:12 - 2014-04-13 23:12 - 01426178 _____ () C:\Users\Sebastian\Desktop\adwcleaner.exe 2014-04-13 22:59 - 2014-04-13 22:58 - 00147356 _____ () C:\Users\Sebastian\Desktop\malewarelog.xml 2014-04-13 22:23 - 2014-04-16 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-13 22:23 - 2014-04-13 22:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-13 22:23 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-13 22:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-13 22:23 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-13 22:18 - 2014-04-13 22:18 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-04-13 22:05 - 2014-04-13 22:05 - 00003174 _____ () C:\Windows\System32\Tasks\{B3F1DDD1-0F5F-4DB1-A25C-44046648AB80} 2014-04-13 21:54 - 2014-04-13 21:54 - 00000000 ____D () C:\Program Files (x86)\VIO Player 2014-04-13 21:27 - 2014-04-13 21:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-13 21:24 - 2014-04-13 22:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\41 2014-04-13 21:07 - 2014-04-16 20:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\NFS Underground 2 2014-04-13 21:06 - 2004-10-26 01:37 - 05987981 _____ () C:\Users\Sebastian\Desktop\speed2.exe 2014-04-13 21:03 - 2014-04-13 21:03 - 00002208 _____ () C:\Users\Public\Desktop\Need for Speed Underground 2.lnk 2014-04-13 20:54 - 2014-04-13 20:54 - 00000000 ____D () C:\Program Files (x86)\EA GAMES 2014-04-13 20:29 - 2014-04-13 22:05 - 00001164 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-13 20:21 - 2014-04-13 20:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-11 21:25 - 2014-04-11 21:25 - 28351555 _____ () C:\Users\Sebastian\Desktop\▶ My BMW E30 ALPINA C2 2.5 track car teaser - YouTube [720p].mp4 2014-04-11 17:04 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-11 17:04 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-11 17:04 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-11 17:04 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-11 17:03 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-11 17:03 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-11 17:03 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-11 17:03 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-11 17:03 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-11 17:03 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-11 17:03 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-11 17:03 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-11 17:03 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-11 17:03 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-11 17:03 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-11 17:03 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-11 17:03 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 22:06 - 2014-04-08 22:06 - 00041804 _____ () C:\Users\Sebastian\Desktop\Stückholzheizung & Pufferspeicher.pptx 2014-04-02 16:48 - 2014-04-02 16:48 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games 2014-04-02 16:39 - 2014-04-02 16:39 - 00002315 _____ () C:\Users\Public\Desktop\Goat Simulator.lnk 2014-04-02 16:39 - 2014-04-02 16:39 - 00000000 ____D () C:\Program Files (x86)\Goat Simulator 2014-04-02 16:20 - 2014-04-02 16:20 - 00000000 ____D () C:\Users\Sebastian\Desktop\schön 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Windows\de 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-03-30 21:40 - 2014-03-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-03-30 21:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-03-30 21:39 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-03-30 21:39 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-03-30 21:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-03-30 21:39 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-03-30 21:37 - 2014-03-30 21:42 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Windows Live 2014-03-30 21:34 - 2014-03-30 21:36 - 142602520 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\wlsetup-all_16.4.3508.0205.exe 2014-03-30 21:03 - 2014-04-03 03:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-03-30 21:02 - 2014-04-03 03:00 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-30 21:02 - 2014-04-03 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-03-30 21:00 - 2014-03-30 21:01 - 13697720 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\mseinstall(1).exe 2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 19:34 - 2014-03-30 19:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Driftsession 31.01.2014 2014-03-26 17:38 - 2014-03-30 19:37 - 00000078 _____ () C:\Users\Sebastian\AppData\Roaming\WB.CFG 2014-03-26 16:42 - 2014-03-26 16:43 - 00000000 ____D () C:\Users\Sebastian\Desktop\alt 2014-03-26 16:42 - 2014-03-26 16:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\mopeds 2014-03-26 16:41 - 2014-04-02 16:47 - 00000000 ____D () C:\Users\Sebastian\Desktop\schule 2014-03-26 16:40 - 2014-03-30 20:59 - 00003688 _____ () C:\Windows\System32\Tasks\pricemeterwatcher 2014-03-26 16:40 - 2014-03-30 20:59 - 00003680 _____ () C:\Windows\System32\Tasks\pricemetertask 2014-03-26 16:37 - 2014-03-26 16:37 - 00003324 _____ () C:\Windows\System32\Tasks\pricemeterdownloader 2014-03-26 16:37 - 2014-03-26 16:37 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-26 16:35 - 2014-03-26 16:35 - 00634288 _____ () C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe 2014-03-26 16:19 - 2014-03-26 16:25 - 301111156 _____ () C:\Users\Sebastian\Downloads\Reparaturanleitungen_E30_www.e30-forever.de.rar 2014-03-26 14:29 - 2014-03-26 14:29 - 10452996 _____ () C:\Users\Sebastian\Downloads\Photos_downloaded_by_AirDroid(11).zip ==================== One Month Modified Files and Folders ======= 2014-04-16 22:49 - 2014-04-16 22:49 - 00000000 ____D () C:\Users\Sebastian\Desktop\FRST-OlderVersion 2014-04-16 22:49 - 2014-04-15 00:13 - 00010981 _____ () C:\Users\Sebastian\Desktop\FRST.txt 2014-04-16 22:49 - 2014-04-15 00:13 - 00000000 ____D () C:\FRST 2014-04-16 22:49 - 2014-04-15 00:12 - 02158592 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe 2014-04-16 22:17 - 2013-10-06 11:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 21:11 - 2014-04-13 22:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:00 - 2013-10-05 14:39 - 01682872 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 20:54 - 2014-04-16 20:53 - 00000000 ____D () C:\Users\Sebastian\Desktop\moped 2014-04-16 20:49 - 2014-04-13 21:07 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\NFS Underground 2 2014-04-16 20:19 - 2014-04-16 20:19 - 02347384 _____ (ESET) C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe 2014-04-16 20:06 - 2013-10-06 12:30 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 20:06 - 2013-10-06 12:30 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 20:06 - 2009-07-14 07:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 20:03 - 2009-07-14 06:50 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 20:03 - 2009-07-14 06:50 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 19:59 - 2014-04-16 19:59 - 00001605 _____ () C:\Users\Sebastian\Desktop\mbam.txt 2014-04-16 19:56 - 2013-10-28 20:34 - 00000000 ___RD () C:\Users\Sebastian\Dropbox 2014-04-16 19:56 - 2013-10-28 20:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Dropbox 2014-04-16 19:55 - 2013-10-06 12:26 - 00160610 _____ () C:\Windows\PFRO.log 2014-04-16 19:55 - 2009-07-14 07:38 - 00000000 ____D () C:\Windows\addins 2014-04-16 19:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 19:55 - 2009-07-14 06:56 - 00031839 _____ () C:\Windows\setupact.log 2014-04-16 19:25 - 2014-04-16 19:24 - 00448512 _____ (OldTimer Tools) C:\Users\Sebastian\Desktop\TFC.exe 2014-04-15 00:15 - 2014-04-15 00:14 - 00033182 _____ () C:\Users\Sebastian\Desktop\Addition.txt 2014-04-14 21:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-14 15:36 - 2014-04-14 15:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-14 14:54 - 2014-04-14 14:54 - 00006716 _____ () C:\Users\Sebastian\Downloads\All_Unlocked.zip 2014-04-13 23:19 - 2014-04-13 23:19 - 00005886 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S0].txt 2014-04-13 23:16 - 2014-04-13 23:13 - 00000000 ____D () C:\AdwCleaner 2014-04-13 23:16 - 2013-10-05 18:42 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-13 23:12 - 2014-04-13 23:12 - 01426178 _____ () C:\Users\Sebastian\Desktop\adwcleaner.exe 2014-04-13 22:58 - 2014-04-13 22:59 - 00147356 _____ () C:\Users\Sebastian\Desktop\malewarelog.xml 2014-04-13 22:58 - 2014-04-13 21:24 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\41 2014-04-13 22:58 - 2009-07-14 07:38 - 00000000 ____D () C:\Windows\Performance 2014-04-13 22:23 - 2014-04-13 22:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-13 22:23 - 2014-04-13 22:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-13 22:18 - 2014-04-13 22:18 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-04-13 22:05 - 2014-04-13 22:05 - 00003174 _____ () C:\Windows\System32\Tasks\{B3F1DDD1-0F5F-4DB1-A25C-44046648AB80} 2014-04-13 22:05 - 2014-04-13 20:29 - 00001164 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-13 22:05 - 2013-10-05 14:44 - 00001425 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-13 21:54 - 2014-04-13 21:54 - 00000000 ____D () C:\Program Files (x86)\VIO Player 2014-04-13 21:27 - 2014-04-13 21:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-13 21:27 - 2013-10-09 18:01 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-13 21:03 - 2014-04-13 21:03 - 00002208 _____ () C:\Users\Public\Desktop\Need for Speed Underground 2.lnk 2014-04-13 21:03 - 2013-11-09 12:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-04-13 20:54 - 2014-04-13 20:54 - 00000000 ____D () C:\Program Files (x86)\EA GAMES 2014-04-13 20:51 - 2009-07-14 06:50 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-13 20:49 - 2013-10-06 09:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\uTorrent 2014-04-13 20:28 - 2013-10-05 16:22 - 00109280 _____ () C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-13 20:21 - 2014-04-13 20:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-13 20:21 - 2013-11-09 22:44 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\HTC 2014-04-13 20:21 - 2013-11-09 22:38 - 00000000 ____D () C:\ProgramData\HTC 2014-04-13 20:17 - 2013-10-05 14:44 - 00000000 ___RD () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-11 23:35 - 2013-10-09 19:17 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-11 23:34 - 2013-10-06 10:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 23:33 - 2013-10-06 10:34 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-11 22:26 - 2014-02-25 22:56 - 00000000 ____D () C:\Users\Sebastian\Desktop\mein e30 2014-04-11 21:25 - 2014-04-11 21:25 - 28351555 _____ () C:\Users\Sebastian\Desktop\▶ My BMW E30 ALPINA C2 2.5 track car teaser - YouTube [720p].mp4 2014-04-08 22:06 - 2014-04-08 22:06 - 00041804 _____ () C:\Users\Sebastian\Desktop\Stückholzheizung & Pufferspeicher.pptx 2014-04-03 09:51 - 2014-04-13 22:23 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-13 22:23 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-13 22:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-03 03:01 - 2014-03-30 21:03 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-03 03:00 - 2014-03-30 21:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-03 03:00 - 2014-03-30 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-02 16:48 - 2014-04-02 16:48 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games 2014-04-02 16:47 - 2014-03-26 16:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\schule 2014-04-02 16:39 - 2014-04-02 16:39 - 00002315 _____ () C:\Users\Public\Desktop\Goat Simulator.lnk 2014-04-02 16:39 - 2014-04-02 16:39 - 00000000 ____D () C:\Program Files (x86)\Goat Simulator 2014-04-02 16:20 - 2014-04-02 16:20 - 00000000 ____D () C:\Users\Sebastian\Desktop\schön 2014-03-31 21:58 - 2013-10-27 23:12 - 00000000 ____D () C:\Users\Sebastian\Downloads\Neuer Ordner (2) 2014-03-31 21:13 - 2013-10-05 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-31 03:16 - 2014-04-11 17:04 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-11 17:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-11 17:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-11 17:04 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 21:42 - 2014-03-30 21:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Windows Live 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Windows\de 2014-03-30 21:41 - 2014-03-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-03-30 21:41 - 2014-03-30 21:40 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-03-30 21:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-30 21:38 - 2013-10-27 19:10 - 00010506 _____ () C:\Windows\DirectX.log 2014-03-30 21:36 - 2014-03-30 21:34 - 142602520 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\wlsetup-all_16.4.3508.0205.exe 2014-03-30 21:33 - 2013-11-26 19:49 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-03-30 21:01 - 2014-03-30 21:00 - 13697720 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\mseinstall(1).exe 2014-03-30 20:59 - 2014-03-26 16:40 - 00003688 _____ () C:\Windows\System32\Tasks\pricemeterwatcher 2014-03-30 20:59 - 2014-03-26 16:40 - 00003680 _____ () C:\Windows\System32\Tasks\pricemetertask 2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 19:37 - 2014-03-30 19:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Driftsession 31.01.2014 2014-03-30 19:37 - 2014-03-26 17:38 - 00000078 _____ () C:\Users\Sebastian\AppData\Roaming\WB.CFG 2014-03-26 16:43 - 2014-03-26 16:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\alt 2014-03-26 16:42 - 2014-03-26 16:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\mopeds 2014-03-26 16:37 - 2014-03-26 16:37 - 00003324 _____ () C:\Windows\System32\Tasks\pricemeterdownloader 2014-03-26 16:37 - 2014-03-26 16:37 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate 2014-03-26 16:37 - 2014-03-26 16:37 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-26 16:35 - 2014-03-26 16:35 - 00634288 _____ () C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe 2014-03-26 16:25 - 2014-03-26 16:19 - 301111156 _____ () C:\Users\Sebastian\Downloads\Reparaturanleitungen_E30_www.e30-forever.de.rar 2014-03-26 14:29 - 2014-03-26 14:29 - 10452996 _____ () C:\Users\Sebastian\Downloads\Photos_downloaded_by_AirDroid(11).zip ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-11 18:18 ==================== End Of Log ============================ |
|
17.04.2014, 09:07
| #9 |
| /// Malwareteam | "Quick Start NewTab" entfernen Hallo tritt das Ursprüngliche Problem mit Quick Start NewTab noch auf? Downloade Dir bitte  SecurityCheck und:
|
|
21.04.2014, 09:01
| #10 |
| /// Malwareteam | "Quick Start NewTab" entfernen ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen. |
|
21.04.2014, 17:29
| #11 |
| | "Quick Start NewTab" entfernen Servus, nein hat sich nicht erledigt, war nur lange nicht beim PC! Allerdings kann ich jetzt SecurityCheck nicht downloaden... Ich klicke wie bei den vorigen files drauf, und ich komme wieder auf die Ursprungsansicht von SecurityCheck auf filepony.de O.o mfg |
|
22.04.2014, 09:24
| #12 |
| /// Malwareteam | "Quick Start NewTab" entfernen ok der Fehler tritt bei mir auch auf. Vergessen wir das Tool erstmal. Macht der Rechner sonst noch Probleme? |
|
22.04.2014, 17:48
| #13 |
| | "Quick Start NewTab" entfernen Ich konnte bis jetzt nichts mehr feststellen, weder werbung noch sonstige ungereimtheiten. Mfg |
|
22.04.2014, 20:38
| #14 |
| /// Malwareteam | "Quick Start NewTab" entfernen wunderbar dann räumen wir noch auf ... und du bekommst einige Tips von mir (optional) Schritt 1: Die Reihenfolge ist hier entscheidend.
Schritt 2: Wunderbar dein System ist soweit ich das sehen kann sauber.  Hier noch ein paar Tipps zur Absicherung deines Systems. Benutzerkonto Einstellungen: Wir sehen immer wieder User mit Administratorrechten. Hier kann jeder Nutzer eines Windowsrechners schon die erste Türe schließen. Arbeite mit einem eingeschränkten Benutzerkonto anstelle eines Kontos mit Administratorrechten. Diese sind für das tägliche Arbeiten nicht nötig, und solltest du einmal Software installieren wollen wirst du im normalfall nach deinem Passwort gefragt. Solltest du Hilfe bei der Erstellung eines "eingeschränkten Kontos" benötigen helfe ich dir gern weiter. Systemupdates: Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Besonders Java erfährt zur Zeit regelmäßig sicherheitsrelevante Updates Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Antivirensoftware Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen alternatives Browsen Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. Wenn du möchtest, kannst du das Trojaner Board Forum mit einer kleinen Spende unterstützen. |
|
23.04.2014, 18:54
| #15 |
| | "Quick Start NewTab" entfernen Servus, habe deine Nachricht mal grob überflogen und werde morgen Abend alles genau ausführen und die Tipps in Zukunft beherzigen. Danach werde ich mich nochmal bei dir (wenn gewünscht per PN) melden. Bzgl der Spende werde ich sehen was sich machen lässt, da mir hier ja schnell, ausführlich und vorallem freundlich geholfen wurde! Danke schonmal für deine wertvolle Zeit und deine tollen Beschreibungen für einen absoluten Anfänger! mfg Todeskostn |
|
| Themen zu "Quick Start NewTab" entfernen |
| c:\windows\system32\roboot64.exe, chip.de, dateien, explorer, firefox, gelöscht, helper, iexplore.exe, install.exe, internet, internet explorer, logfile, microsoft, newtab, ordner, pup.optional.pricemeter.a, quick_start, registrierungsdatenbank, rootkits, rundll, rundll32.exe, service.exe, software, system32, temp, win32/adware.addlyrics.aj, win32/trojandownloader.vb.qls, windows |
Gruß Aneri 
Linear-Darstellung
