Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Friend Checker, Conduit Search, seltsames Browser Verhalten

Friend Checker, Conduit Search, seltsames Browser Verhalten


Log-Analyse und Auswertung: Friend Checker, Conduit Search, seltsames Browser Verhalten

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.04.2014, 22:35   #1
awk
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Frage

Friend Checker, Conduit Search, seltsames Browser Verhalten


Hallo,

seit einigen Wochen - Beginn nicht erinnerbar - habe ich bei jeder ca. fünften Seite in Firefox Popups von FriendChecker. Das Tollste ist: sie spielen jetzt auch Ton ab und sind durchweg personalisert (REWE, Mozilla Umfrage etc.)

Dazu wollte ich eine Software namens Conduit Search und websteroids deinstallieren, doch das gelang mir nicht ganz.

Neuinstallation von Firefox brachte nichts, da ich die Nutzerdaten komplett übernahm.

Bei Suche nach FriendChecker entfernen zeigt mir Google heute viele Seiten, die AntiSpam Software anbieten aber offensichtlich auto-übersetzte Englische Seiten sind. Ich vertraue ihnen nicht.
Entfernen FriendsChecker.com Popups-Infektion in einfachen Schritten ~ Neueste Malware und Spyware zu entfernen
FriendsChecker Anleitung zum Entfernen

Fragen:
1. Wie kommt das zu mir
2. Wie bekommt das meine Interessen und personalisiert Werbung?
3. Stimmt die aussage auf o.g. englischen Seiten, das Programm klaue Passwörter? Wie gefährlich ist das? Installiert es unkontrolliert Programme?

4. Was soll ich sonst noch tun, ist ja einiges gefunden worden von mbam

Ich mag bald mein System resetten, doch wenn ich die ungereinigten User Daten übernehme (Einstellungen, Dateien, Desktop etc. ) habe ich Angst, eine Infektion zu verschleppen.

5. Wie gehe ich mit den gefundenen Malware um in meinen Backups? Muss ich unerkennbare Infektionen von eigenen Dateien befürchten?

Mit Dank und Gruß
Andreas awk

P.S.: Die AVG Secure Search und SNIP! Plugins habe ich bewusst installiert, auch den Preisfinder. Ist an denen etwas schlecht?
Dadurch sind die Listen recht lang und für mich nicht gut durchschaubar, was weg muss
-

Alt 17.04.2014, 09:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Standard

Friend Checker, Conduit Search, seltsames Browser Verhalten


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.



Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 23.04.2014, 22:12   #3
awk
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Frage

Friend Checker, Conduit Search, seltsames Browser Verhalten


Hallo und Danke!
Habe leider Probleme mit FSRT. Startet als Admin, doch nichts geschieht. Die erste Meldung bleibt stehen ewig und Fenster lässt sich nicht SChließen. Nur mit Taskmanager.
Ich nutzte keine Virenscanner oder so, KiSi 2014 ist ausgeschaltet. Wirkt aber mglw. trotzdem beschränkend auf Kommandozeilen-Ausführung. Windows Total Protection Tool ist an.
Werde Farbars nochmal testen über USBStick beim Hochfahren.

Gruß AWK

Ergebnisse der anderen Scanner:

ESET:
Code:
ATTFilter
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe	a variant of MSIL/Adware.PullUpdate.A application
C:\ProgramData\Updater\Uninstall.exe	a variant of MSIL/Adware.PullUpdate.A application
C:\Sandbox\Andreas\DefaultBox\user\all\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application
C:\Sandbox\Andreas\DefaultBox\user\all\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application
C:\Sandbox\Andreas\DefaultBox\user\current\AppData\Local\Temp\YontooSetup-Silent.exe	Win32/Adware.Yontoo application
C:\Sandbox\Andreas\DefaultBox\user\current\AppData\Local\Temp\YontooLayers\background.html	JS/Adware.Yontoo.B application
C:\Sandbox\Andreas\DefaultBox\user\current\AppData\Local\Temp\YontooLayers\yl.js	JS/Adware.Yontoo.A application
C:\Users\All Users\InternetUpdater\InternetUpdaterService.exe	a variant of MSIL/Adware.PullUpdate.A application
C:\Users\All Users\Updater\Uninstall.exe	a variant of MSIL/Adware.PullUpdate.A application
C:\Users\Andreas\AppData\Local\Temp\sdDfLhN1.exe.part	Win32/Adware.1ClickDownload.AM application
C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe	multiple threats
C:\Users\Andreas\AppData\Local\Temp\{E66453AB-7A72-489F-93FA-459B0E04AC0C}\setup.exe	multiple threats
C:\Users\Andreas\Downloads\kleine_haie_1080bps.mp4.exe	Win32/Adware.MediaFinder.B application
C:\Users\Andreas\Local Settings\Temp\sdDfLhN1.exe.part	Win32/Adware.1ClickDownload.AM application
C:\Users\Andreas\Local Settings\Temp\tbsTMP.exe	multiple threats
C:\Users\Andreas\Local Settings\Temp\{E66453AB-7A72-489F-93FA-459B0E04AC0C}\setup.exe	multiple threats
mbam:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 16.04.2014
Scan Time: 23:27:40
Logfile: 2014-04-16 mbam log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.16.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Andreas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393676
Time Elapsed: 26 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, 2088, , [17f3c06bee8ddf57ec7d2f1b98692ed2]

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.InternetUpdaterService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\InternetUpdater, , [17f3c06bee8ddf57ec7d2f1b98692ed2], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [3fcbbf6c473440f672eac4529a6822de], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [ad5d73b8c9b256e082a8d244738fde22], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.InternetUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InternetUpdater, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.Websteroids.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Websteroids, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [f91152d92c4f8aac6f82d5be946fbd43], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [c44644e76417b482c41ef377a85a8779], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [a36731fa9ae18ea826ca97fc1de644bc], 

Registry Values: 8
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 1590556208227549183, , [f91152d92c4f8aac6f82d5be946fbd43]
PUP.Optional.InternetUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER|ImagePath, "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe", , [7595be6d9fdcef47b4c804799e648878]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\Updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1590556208227549183, , [a36731fa9ae18ea826ca97fc1de644bc]

Registry Data: 2
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[c7439a91e59655e19c0de43f44c030d0]
PUM.Hijack.CMDPrompt, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),,[fe0ca289ea91ad891ad12af6ff0506fa]

Folders: 16
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\IE, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\CT3323737, , [0a00f833f5866ec817bcaab37e84d62a], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\ChromeHelper, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\FirefoxHelper, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\IeHelper, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content, , [e624e6450b70be7846514e158e74a15f], 

Files: 69
PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, , [17f3c06bee8ddf57ec7d2f1b98692ed2], 
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe, , [11f9e74476052e0848e184b8f40c6b95], 
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe, , [8d7d79b227543df9f7321c20ff018977], 
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\IeHelper\IeHelper.exe, , [6f9b56d5d1aa4cea76b31824996730d0], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsgE9FB.exe, , [b05a6bc0ed8e1521e01b849f3ec350b0], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsrA119.exe, , [0208d754f78437ffb5461013ca3757a9], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nst63AB.exe, , [b951fa315f1c74c2db204dd66c956997], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsw9B1F.exe, , [65a5a685a9d2d363b54652d1ab569769], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nswEE50.exe, , [d931e942bdbe58de92696cb7857c20e0], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\SPSetup.exe, , [56b4de4d5d1edf574d9d0e0aa061d030], 
PUP.Optional.AdLyrics, C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe, , [7199c06b047747ef380cb35842bfe41c], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsb96F9.exe, , [9476b97282f968ce4fac7fa48f7206fa], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsbF218.exe, , [fd0d0229730867cf8f6c061d60a1f50b], 
PUP.Optional.Somoto.A, C:\Users\Andreas\AppData\Local\Temp\HWzKBmCC.exe.part, , [e12962c9c8b376c0070096a207f93bc5], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaA3A2.exe, , [33d742e983f8d95d38c327fc06fba060], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaC9B9.exe, , [0bff86a595e6013550abe24129d8da26], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb568.exe, , [51b9f6357506db5bad4ea87bf011cb35], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdA26B.exe, , [957533f81e5d89adcb30ed369b66ed13], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst59E8.exe, , [14f6f03b6516c3738f6c37eca0619868], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstC009.exe, , [a06aae7d5e1d043240bbda49a35eab55], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv263A.exe, , [07032dfe8af17abce91277acc23f5fa1], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv9EF1.exe, , [7595ca618cef5bdb55a6be655da44fb1], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvA113.exe, , [f31757d4e29947efb14ae04322df936d], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvCCF4.exe, , [a367b7745526f541d2298b98e51c9070], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz6CCF.exe, , [18f2939857241125b84326fdf011956b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg3212.exe, , [da300625324948eeac4fa57ec14008f8], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg8BEF.exe, , [a466fa31e09ba393d922de45d03160a0], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgB565.exe, , [b65434f7d1aa0f2713e86bb80af79b65], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk743F.exe, , [9f6b0328205b41f54caff231f20fb54b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk9A20.exe, , [9278b17a72092610639867bce918c53b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskA8C7.exe, , [08022506ff7c72c435c6111234cd8977], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl3608.exe, , [ac5e8c9f760541f575861d06fc05ed13], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nso5DBF.exe, , [47c31c0fec8f64d2d62535ee9f6248b8], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nspA934.exe, , [9476d457176474c23dbe9e85837ea45c], 
PUP.Optional.Bundlore, C:\Users\Andreas\Downloads\setup (1).exe, , [8a80270447347bbbb0969e83ba46de22], 
PUP.Adware.Agent, C:\Users\Andreas\Downloads\kleine_haie_1080bps.mp4.exe, , [45c513184734c86e336237d00df304fc], 
PUP.Optional.InstallIQ.A, C:\Users\Andreas\Downloads\frzfonts.exe, , [37d374b70d6ea393578265abf40dd927], 
PUP.Optional.OpenCandy, C:\Users\Andreas\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, , [4ac0bc6f12696acc91ef0f3a33d112ee], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdater.ico, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\app.dat, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\data.dat, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\Uninstall.exe, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\app.dat, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Uninstall.exe, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Websteroids.ico, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\common.crx, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\announce.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\background.html, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\common.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\contentscript.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon128.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon16.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon48.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\iframecontentscript.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\manifest.json, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome.manifest, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\install.rdf, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content\main.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content\overlay.xul, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\IE\common.dll, , [5cae161592e9eb4b36593c42d32fa45c], 
Worm.AutoIT, C:\Win\names.txt, , [d33746e58dee87afac7809b89d658c74], 
Trojan.Agent, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\CT3323737\ddt.csf, , [0a00f833f5866ec817bcaab37e84d62a], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome.manifest, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\install.rdf, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content\main.js, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content\overlay.xul, , [e624e6450b70be7846514e158e74a15f], 

Physical Sectors: 0
(No malicious items detected)


(end)
ADW CLeaner:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 16.04.2014
Scan Time: 23:27:40
Logfile: 2014-04-16 mbam log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.16.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Andreas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393676
Time Elapsed: 26 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, 2088, , [17f3c06bee8ddf57ec7d2f1b98692ed2]

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.InternetUpdaterService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\InternetUpdater, , [17f3c06bee8ddf57ec7d2f1b98692ed2], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [3fcbbf6c473440f672eac4529a6822de], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [ad5d73b8c9b256e082a8d244738fde22], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.InternetUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InternetUpdater, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.Websteroids.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Websteroids, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [f91152d92c4f8aac6f82d5be946fbd43], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [c44644e76417b482c41ef377a85a8779], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [a36731fa9ae18ea826ca97fc1de644bc], 

Registry Values: 8
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 1590556208227549183, , [f91152d92c4f8aac6f82d5be946fbd43]
PUP.Optional.InternetUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER|ImagePath, "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe", , [7595be6d9fdcef47b4c804799e648878]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\Updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1590556208227549183, , [a36731fa9ae18ea826ca97fc1de644bc]

Registry Data: 2
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[c7439a91e59655e19c0de43f44c030d0]
PUM.Hijack.CMDPrompt, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),,[fe0ca289ea91ad891ad12af6ff0506fa]

Folders: 16
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\IE, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\CT3323737, , [0a00f833f5866ec817bcaab37e84d62a], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\ChromeHelper, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\FirefoxHelper, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\IeHelper, , [bb4f2902d5a61d1916881b43936fea16], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content, , [e624e6450b70be7846514e158e74a15f], 

Files: 69
PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, , [17f3c06bee8ddf57ec7d2f1b98692ed2], 
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe, , [11f9e74476052e0848e184b8f40c6b95], 
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe, , [8d7d79b227543df9f7321c20ff018977], 
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\IeHelper\IeHelper.exe, , [6f9b56d5d1aa4cea76b31824996730d0], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsgE9FB.exe, , [b05a6bc0ed8e1521e01b849f3ec350b0], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsrA119.exe, , [0208d754f78437ffb5461013ca3757a9], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nst63AB.exe, , [b951fa315f1c74c2db204dd66c956997], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsw9B1F.exe, , [65a5a685a9d2d363b54652d1ab569769], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nswEE50.exe, , [d931e942bdbe58de92696cb7857c20e0], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\SPSetup.exe, , [56b4de4d5d1edf574d9d0e0aa061d030], 
PUP.Optional.AdLyrics, C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe, , [7199c06b047747ef380cb35842bfe41c], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsb96F9.exe, , [9476b97282f968ce4fac7fa48f7206fa], 
PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsbF218.exe, , [fd0d0229730867cf8f6c061d60a1f50b], 
PUP.Optional.Somoto.A, C:\Users\Andreas\AppData\Local\Temp\HWzKBmCC.exe.part, , [e12962c9c8b376c0070096a207f93bc5], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaA3A2.exe, , [33d742e983f8d95d38c327fc06fba060], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaC9B9.exe, , [0bff86a595e6013550abe24129d8da26], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb568.exe, , [51b9f6357506db5bad4ea87bf011cb35], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdA26B.exe, , [957533f81e5d89adcb30ed369b66ed13], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst59E8.exe, , [14f6f03b6516c3738f6c37eca0619868], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstC009.exe, , [a06aae7d5e1d043240bbda49a35eab55], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv263A.exe, , [07032dfe8af17abce91277acc23f5fa1], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv9EF1.exe, , [7595ca618cef5bdb55a6be655da44fb1], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvA113.exe, , [f31757d4e29947efb14ae04322df936d], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvCCF4.exe, , [a367b7745526f541d2298b98e51c9070], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz6CCF.exe, , [18f2939857241125b84326fdf011956b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg3212.exe, , [da300625324948eeac4fa57ec14008f8], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg8BEF.exe, , [a466fa31e09ba393d922de45d03160a0], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgB565.exe, , [b65434f7d1aa0f2713e86bb80af79b65], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk743F.exe, , [9f6b0328205b41f54caff231f20fb54b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk9A20.exe, , [9278b17a72092610639867bce918c53b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskA8C7.exe, , [08022506ff7c72c435c6111234cd8977], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl3608.exe, , [ac5e8c9f760541f575861d06fc05ed13], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nso5DBF.exe, , [47c31c0fec8f64d2d62535ee9f6248b8], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nspA934.exe, , [9476d457176474c23dbe9e85837ea45c], 
PUP.Optional.Bundlore, C:\Users\Andreas\Downloads\setup (1).exe, , [8a80270447347bbbb0969e83ba46de22], 
PUP.Adware.Agent, C:\Users\Andreas\Downloads\kleine_haie_1080bps.mp4.exe, , [45c513184734c86e336237d00df304fc], 
PUP.Optional.InstallIQ.A, C:\Users\Andreas\Downloads\frzfonts.exe, , [37d374b70d6ea393578265abf40dd927], 
PUP.Optional.OpenCandy, C:\Users\Andreas\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, , [4ac0bc6f12696acc91ef0f3a33d112ee], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdater.ico, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\app.dat, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\data.dat, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\Uninstall.exe, , [cf3b07240d6edd59e398cfae51b19070], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\app.dat, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Uninstall.exe, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Websteroids.ico, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\common.crx, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\announce.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\background.html, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\common.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\contentscript.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon128.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon16.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon48.png, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\iframecontentscript.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\manifest.json, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome.manifest, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\install.rdf, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content\main.js, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content\overlay.xul, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\IE\common.dll, , [5cae161592e9eb4b36593c42d32fa45c], 
Worm.AutoIT, C:\Win\names.txt, , [d33746e58dee87afac7809b89d658c74], 
Trojan.Agent, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62], 
PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\CT3323737\ddt.csf, , [0a00f833f5866ec817bcaab37e84d62a], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome.manifest, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\install.rdf, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content\main.js, , [e624e6450b70be7846514e158e74a15f], 
PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content\overlay.xul, , [e624e6450b70be7846514e158e74a15f], 

Physical Sectors: 0
(No malicious items detected)


(end)
__________________
Alt 24.04.2014, 12:45   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Standard

Friend Checker, Conduit Search, seltsames Browser Verhalten


FRST löschen ud neu laen, auf den Desktop, dann von dort laufne lassen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.04.2014, 22:44   #5
awk
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Standard

Friend Checker, Conduit Search, seltsames Browser Verhalten


Danke.
FRST läuft nun, Lösung war: GEht nicht wenn die DOS-Einngabe blockiert ist z.B. durch ein Schutzprogramm.

Ich hatte noch weitere 4 Fragen gestellt. Da es sich wohl "nur" um ein bösartiges Addon/ Adware handelt, stelle meine Verseuchungs-Angst zurück.

Meine Frage bleibt offen, ob ein sauberes Backup der Broser wieder möglich wird. Für Neuinstallation des Rechners bräuchte ich dieses (von allen 4 Browsern -
jaja, kompliziert, aaber jeder kann halt was anderes gut)

Mit Dank und Gruß
awk

PS: WOMIT habe ich mir das alles eingefangen???

Hier die Logs:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Andreas (administrator) on ANDREAS-PC on 27-04-2014 22:16:30
Running from C:\Users\Andreas\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Salfeld Computer) C:\Windows\tray\wintmr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SANDBOXIE L.T.D) C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe
(Google Inc.) C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe
() C:\Program Files\Ditto\Ditto.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Salfeld Computer) C:\Program Files\Salfeld\Kisi\kisiset.exe
(Salfeld Computer) C:\Windows\system32\cc32\webtmr.exe
(Mozilla Foundation) C:\Program Files\Mozilla Thunderbird\crashreporter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1640504 2009-08-20] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-04] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-04] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => c:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11258368 2009-07-15] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-05] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe [6484352 2009-07-14] (Salfeld Computer)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-08-13] (Hewlett-Packard)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [SandboxieControl] => C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe [442640 2011-11-23] (SANDBOXIE L.T.D)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Google Update] => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-01] (Google Inc.)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [KeePass Password Safe] => C:\Program Files\KeePass Password Safe\KeePass.exe [2117632 2014-04-06] (Dominik Reichl)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [PC Suite Tray] => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1350144 2012-01-03] ()
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableClock] 1
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {5b5d81a5-8e33-11e1-902b-0009dd5029c9} - D:\Install.exe
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {91848a7a-159c-11e2-934a-705ab697ae61} - D:\setup.exe -a
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {a4f2663e-f5ae-11e2-963e-705ab697ae61} - G:\LGAutoRun.exe
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-08-13] (Hewlett-Packard)
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [CCWinTray] => C:\windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer)
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater)
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [RestrictRun] 0
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_DE&c=92&bd=all&pf=cmnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP24D0FC69-CA1C-434F-83A3-000B2DD50441&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP24D0FC69-CA1C-434F-83A3-000B2DD50441&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {742E88D5-9010-46AA-AC14-40BADE3E90B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {91343ACB-EAA6-4986-A05A-36A9DE6932D8} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AA84BBDD-C5EB-42FB-9AE5-F26FF3EC83F4}&mid=ef0ba35e35954242925b6c8602ac96fb-42c36a3c1954536467068e2918f4380efc067446&lang=de&ds=wa011&pr=&d=2012-10-22 23:38:44&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {997329D0-5E79-4A8B-878A-8713D269A659} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C4BA47D3-A495-4814-8EE6-FE7C750E03B2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C6CA7969-6616-494A-B8C9-403353196BE3} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: OpenLastClosedTab.LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM - &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files\TOOLS\Linkman\LinkmanCom.dll (Outertech)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.335.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andreas\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andreas\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\bidvoynet-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\mailcom-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\medikamentade.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\people-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\testberichtede.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\amin.eft_bmnotes@gmail.com [2013-11-26]
FF Extension: bug682944 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\bug682944@alice0775 [2012-05-18]
FF Extension: Pocket - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\isreaditlater@ideashower.com [2013-06-29]
FF Extension: KeeFox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\keefox@chris.tomlinson [2014-03-22]
FF Extension: Rain Alarm Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\rain-alarm@mdiener.de [2014-03-25]
FF Extension: screen-reader-simulator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\screen-reader-simulator@gaiamobile.org [2014-04-24]
FF Extension: Websteroids - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\support@websteroidsapp.com [2014-04-23]
FF Extension: AddThis - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-10-02]
FF Extension: WOT - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Snip It! Button for eBay - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2012-09-30]
FF Extension: DownloadHelper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Evernote Web Clipper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-22]
FF Extension: billiger.de Sparberater - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\ciuvo-extension@billiger.de.xpi [2013-04-25]
FF Extension: Firebug - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-28]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\gmailthis@lazyrussian.com.xpi [2011-09-13]
FF Extension: DuckDuckGo Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-04-16]
FF Extension: Lazarus: Form Recovery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\lazarus@interclue.com.xpi [2011-12-14]
FF Extension: People Lookup - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\mail@sayemislam.com.xpi [2012-01-30]
FF Extension: Clearly - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\readable@evernote.com.xpi [2013-05-29]
FF Extension: Save Session - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\savesession@noasobi.net.xpi [2011-11-25]
FF Extension: ScrapBook Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2011-09-13]
FF Extension: 如意淘:同款比价,价格曲线,降价提醒 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\shoppingassist@ookong.com.xpi [2012-03-12]
FF Extension: Stealthy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\stealthyextension@gmail.com.xpi [2011-12-08]
FF Extension: WEB.DE MailCheck - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\toolbar@web.de.xpi [2012-01-04]
FF Extension: WikiLook - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\wikilook@testpilot.xpi [2013-04-16]
FF Extension: YouTube to MP3 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-10-17]
FF Extension: All-in-One Sidebar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-09-12]
FF Extension: Session Manager - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-04-28]
FF Extension: Webutation - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-04-23]
FF Extension: FlashGot - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-19]
FF Extension: Unhide Passwords - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-12-14]
FF Extension: ebayitemdescriptionshowsellerloc - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}.xpi [2012-03-12]
FF Extension: Speed Dial - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-12-14]
FF Extension: OperaView - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [2011-09-12]
FF Extension: ImTranslator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-12]
FF Extension: Easy YouTube Video Downloader - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-10-17]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-02-25]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-12]
FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-12]
FF Extension: Tab Mix Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-25]
FF Extension: DownThemAll! - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-20]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []
FF HKCU\...\Firefox\Extensions: [{576c7366-d9f6-439a-a42d-06940409e125}] - C:\Program Files\TubeSaver\130.xpi

Chrome: 
=======
CHR RestoreOnStartup: "https://www.google.com/calendar/render?tab=mc"
CHR DefaultSearchKeyword: ecosia.org
CHR DefaultSearchProvider: Ecosia
CHR DefaultSearchURL: hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Angry Birds) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-03]
CHR Extension: (Poper Blocker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2013-08-23]
CHR Extension: (Hotah) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnjgpdehkocfilimigpgedggkneaacc [2014-01-31]
CHR Extension: (Strict Workflow) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2013-08-23]
CHR Extension: (Google Calendar) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-03]
CHR Extension: (Polycraft) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-01-31]
CHR Extension: (Planetarium) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-01-03]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-02-25]
CHR Extension: (Air Hockey) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph [2013-08-20]
CHR Extension: (Timer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-03]
CHR Extension: (The Old Reader) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk [2014-01-03]
CHR Extension: (Murder Files) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-01-31]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-01-03]
CHR Extension: (Cut the Rope) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-01-03]
CHR Extension: (Any.do Extension) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-08-23]
CHR Extension: (Evernote Web) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-08-28]
CHR Extension: (Pocket) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Any.do) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2014-01-24]
CHR Extension: (Bubble Santa) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha [2014-01-03]
CHR Extension: (Accurate Ruler) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2014-01-03]
CHR Extension: (SpeakIt!) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-01-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-08-28]
CHR Extension: (Calculator) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppilpeehmlhboiknckikefgpdkpnhkgc [2014-01-24]
CHR HKLM\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\Websteroids\Chrome\common.crx [2013-12-19]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2013-12-19]
CHR HKLM\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files\TubeSaver\130.crx [2013-12-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [303184 2009-09-03] (DigitalPersona, Inc.)
R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-03] (McAfee, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-08-17] (Hewlett-Packard Ltd)
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [95800 2009-08-20] (Hewlett-Packard)
S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-08-26] (Hewlett-Packard Development Company, L.P)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [96312 2009-08-20] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277024 2009-08-13] (McAfee, Inc.)
R2 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [293376 2009-07-15] (Hewlett-Packard)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC)
S2 ksupmgr; C:\Windows\system32\ksupmgr.exe [765592 2010-08-25] (Salfeld Computer)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-03] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SbieSvc; C:\Users\Andreas\SYSTEMprogramme\SbieSvc.exe [72976 2011-11-23] (SANDBOXIE L.T.D)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0879317fde6173f1\STacSV.exe [221266 2009-08-05] (IDT, Inc.)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [X]
S2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-08-17] (Hewlett-Packard Development Company L.P.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
R3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [48128 2009-09-05] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40016 2009-08-13] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110448 2009-08-13] ()
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51728 2009-08-13] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13184 2009-08-13] (McAfee, Inc.)
R3 SbieDrv; C:\Users\Andreas\SYSTEMprogramme\SbieDrv.sys [131856 2011-11-23] (SANDBOXIE L.T.D)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-27 22:16 - 2014-04-27 22:18 - 00041116 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-04-27 22:15 - 2014-04-27 22:17 - 00000655 _____ () C:\Windows\system32\cchservice.err
2014-04-27 22:08 - 2014-04-27 22:08 - 00000000 ____D () C:\Users\Andreas\Desktop\FRST-OlderVersion
2014-04-24 11:16 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-24 11:16 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-24 11:16 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-24 11:16 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-24 11:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-24 11:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-24 11:16 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-24 11:16 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-24 11:16 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-24 11:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-24 11:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-24 11:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-24 11:16 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-24 11:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-24 11:16 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-24 11:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-24 11:16 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-24 11:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-24 11:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-24 11:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-24 11:16 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-24 11:16 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-24 11:16 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-24 11:16 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-24 11:16 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-24 11:16 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 23:09 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 23:09 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 23:09 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 23:09 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 23:08 - 2014-04-23 23:09 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-23 22:57 - 2014-04-23 23:03 - 00000000 ____D () C:\Users\Andreas\Downloads\software media
2014-04-23 21:50 - 2014-04-27 22:08 - 01049600 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-04-23 21:23 - 2014-04-27 22:16 - 00000000 ____D () C:\FRST
2014-04-16 23:04 - 2014-04-16 23:06 - 00000000 ____D () C:\AdwCleaner
2014-04-16 23:02 - 2014-04-16 23:02 - 00000000 ____D () C:\Program Files\ESET
2014-04-16 22:34 - 2014-04-16 22:34 - 01891395 _____ (Dominik Reichl ) C:\Users\Andreas\Desktop\KeePass-1.27-Setup.exe
2014-04-16 22:14 - 2014-04-16 23:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 21:58 - 2014-04-16 21:58 - 00001197 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\Program Files\AntiPEST
2014-04-16 21:58 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 21:58 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 21:58 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 21:55 - 2014-04-16 21:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 21:24 - 2014-04-23 21:17 - 00000000 ____D () C:\Users\Andreas\Downloads\AntiPEST
2014-04-10 21:02 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:55 - 2014-04-09 07:55 - 00000000 ____D () C:\Users\TEST\AppData\Local\Microsoft Corporation
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\ATI
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Local\ATI
2014-04-09 07:53 - 2014-04-10 22:41 - 00146904 _____ () C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Hewlett-Packard
2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Local\Hewlett-Packard
2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Apple Computer
2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Local\PDFC
2014-04-09 07:50 - 2014-04-09 07:50 - 00001419 _____ () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Salfeld
2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Adobe
2014-04-09 07:49 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST
2014-04-09 07:49 - 2014-04-09 07:49 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Motorola
2014-04-09 07:49 - 2013-06-26 23:13 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Macromedia
2014-04-09 07:49 - 2011-09-26 21:09 - 00000000 ____D () C:\Users\TEST\AppData\Local\Microsoft Help
2014-04-09 07:49 - 2009-07-27 09:37 - 00000020 ___SH () C:\Users\TEST\ntuser.ini
2014-04-09 07:49 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-09 07:49 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-04-27 22:19 - 2013-02-14 13:28 - 00000000 ___HD () C:\ProgramData\Device
2014-04-27 22:18 - 2014-04-27 22:16 - 00041116 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-04-27 22:17 - 2014-04-27 22:15 - 00000655 _____ () C:\Windows\system32\cchservice.err
2014-04-27 22:16 - 2014-04-23 21:23 - 00000000 ____D () C:\FRST
2014-04-27 22:16 - 2012-04-15 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 22:15 - 2012-04-11 08:21 - 00000016 _____ () C:\Windows\system32\excltmp~.dat
2014-04-27 22:15 - 2011-10-01 13:52 - 00000261 _____ () C:\NET.INI
2014-04-27 22:11 - 2012-01-20 18:35 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 22:11 - 2011-11-29 21:13 - 00004720 _____ () C:\Windows\Sandboxie.ini
2014-04-27 22:09 - 2012-01-20 18:35 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 22:08 - 2014-04-27 22:08 - 00000000 ____D () C:\Users\Andreas\Desktop\FRST-OlderVersion
2014-04-27 22:08 - 2014-04-23 21:50 - 01049600 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-04-27 22:02 - 2011-10-01 13:52 - 00000000 ___HD () C:\Program Files\Common Files\System Shared
2014-04-27 22:02 - 2011-10-01 03:35 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job
2014-04-27 22:01 - 2011-11-16 03:47 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job
2014-04-27 22:01 - 2011-11-16 03:47 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job
2014-04-27 22:01 - 2011-10-01 03:35 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job
2014-04-27 09:40 - 2012-10-22 23:35 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Ditto
2014-04-26 15:01 - 2010-10-13 22:23 - 01699403 _____ () C:\Windows\WindowsUpdate.log
2014-04-26 14:59 - 2009-10-01 03:18 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 14:57 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 14:57 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 14:52 - 2009-10-01 03:20 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-26 14:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 14:50 - 2009-07-14 06:39 - 00408482 _____ () C:\Windows\setupact.log
2014-04-23 23:09 - 2014-04-23 23:08 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-23 23:09 - 2013-10-22 23:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 23:09 - 2012-09-01 13:15 - 00000000 ____D () C:\Program Files\Java
2014-04-23 23:03 - 2014-04-23 22:57 - 00000000 ____D () C:\Users\Andreas\Downloads\software media
2014-04-23 22:59 - 2013-06-26 23:12 - 00000000 ____D () C:\Users\Andreas\Downloads\System Software
2014-04-23 21:17 - 2014-04-16 21:24 - 00000000 ____D () C:\Users\Andreas\Downloads\AntiPEST
2014-04-19 13:28 - 2012-08-08 09:05 - 00000000 ____D () C:\Users\Andreas\.tfo4
2014-04-18 22:21 - 2013-09-17 18:54 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-04-16 23:06 - 2014-04-16 23:04 - 00000000 ____D () C:\AdwCleaner
2014-04-16 23:02 - 2014-04-16 23:02 - 00000000 ____D () C:\Program Files\ESET
2014-04-16 23:01 - 2014-04-16 22:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 22:41 - 2011-12-20 01:04 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
2014-04-16 22:41 - 2011-12-20 01:04 - 00001055 _____ () C:\Users\Andreas\Desktop\KeePass.lnk
2014-04-16 22:41 - 2011-12-20 01:04 - 00000000 ____D () C:\Program Files\KeePass Password Safe
2014-04-16 22:34 - 2014-04-16 22:34 - 01891395 _____ (Dominik Reichl ) C:\Users\Andreas\Desktop\KeePass-1.27-Setup.exe
2014-04-16 21:58 - 2014-04-16 21:58 - 00001197 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\Program Files\AntiPEST
2014-04-16 21:57 - 2014-04-16 21:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 21:07 - 2011-11-29 21:24 - 00000000 ____D () C:\Users\Andreas\Downloads\KeePass-1.20
2014-04-16 18:21 - 2009-10-01 03:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-16 18:19 - 2013-07-29 08:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-16 18:11 - 2011-11-14 23:57 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-14 20:13 - 2014-04-23 23:09 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-23 23:09 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-23 23:09 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-23 23:09 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-11 07:14 - 2011-12-19 22:33 - 00000000 ____D () C:\Program Files\StarMoney 8.0
2014-04-10 22:41 - 2014-04-09 07:53 - 00146904 _____ () C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 07:55 - 2014-04-09 07:55 - 00000000 ____D () C:\Users\TEST\AppData\Local\Microsoft Corporation
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\ATI
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Local\ATI
2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Hewlett-Packard
2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Local\Hewlett-Packard
2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Apple Computer
2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Local\PDFC
2014-04-09 07:50 - 2014-04-09 07:50 - 00001419 _____ () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Salfeld
2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Adobe
2014-04-09 07:50 - 2014-04-09 07:49 - 00000000 ____D () C:\Users\TEST
2014-04-09 07:50 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-09 07:50 - 2009-07-14 04:04 - 00000499 _____ () C:\Windows\win.ini
2014-04-09 07:49 - 2014-04-09 07:49 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Motorola
2014-04-04 13:18 - 2011-12-14 00:48 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-04-03 09:51 - 2014-04-16 21:58 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 21:58 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 21:58 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 22:15 - 2014-01-19 15:34 - 00000000 ____D () C:\Users\Andreas\Desktop\MONA PHOTOS
2014-03-31 09:35 - 2011-09-12 10:25 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 23:06 - 2013-01-22 18:30 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-03-30 23:06 - 2013-01-22 18:30 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-03-28 00:25 - 2012-05-18 17:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-28 00:25 - 2011-11-15 09:46 - 00020428 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\FileSystemView.dll
C:\Users\Andreas\AppData\Local\Temp\fox5325.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\nsb96F9.exe
C:\Users\Andreas\AppData\Local\Temp\nsbF218.exe
C:\Users\Andreas\AppData\Local\Temp\nsgE9FB.exe
C:\Users\Andreas\AppData\Local\Temp\nsrA119.exe
C:\Users\Andreas\AppData\Local\Temp\nst63AB.exe
C:\Users\Andreas\AppData\Local\Temp\nsw9B1F.exe
C:\Users\Andreas\AppData\Local\Temp\nswEE50.exe
C:\Users\Andreas\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Andreas\AppData\Local\Temp\setup{97E2961E-BFC3-4F89-8CD0-825CCBAC3110}.exe
C:\Users\Andreas\AppData\Local\Temp\SPSetup.exe
C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe
C:\Users\Andreas\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Monika\AppData\Local\Temp\fqqsc5od.dll
C:\Users\Monika\AppData\Local\Temp\rt507gxw.dll
C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\TEST\AppData\Local\Temp\o6hw5iub.dll
C:\Users\TEST\AppData\Local\Temp\rmmwricn.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 19:59

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---


und
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Andreas at 2014-04-27 22:21:12
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1.36 (HKLM\...\etope Lister_is1) (Version:  - Freshworx GmbH & Co.KG)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AbiWord 2.8.4 (HKLM\...\AbiWord2) (Version: 2.8.4 - AbiSource Developers)
ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
Analog Clock (HKCU\...\Analog Clock) (Version:  - Opera widgets)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{506C2F0A-2C04-BDA8-8B90-0A3DF65ED67E}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1995397856.48.56.3607922 - Audible, Inc.)
Auktionatrix - der schnelle Weg zu eBay (HKLM\...\{02E8DF80-DFB9-4C56-8CB9-AFA1CE97AF9C}) (Version: 4.11.10.0 - Z-Dev)
BayDesigner - Deinstallation (HKLM\...\BayDesigner_is1) (Version: 1.35 - Mathias Gerlach [aborange.de])
BayWatcher Pro - Deinstallation (HKLM\...\BayWatcher_is1) (Version: 8.05 - Mathias Gerlach & Jochen Milchsack [aborange.de])
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation)
Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0909.1747.30091 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0909.1747.30091 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Czech (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Danish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Dutch (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help English (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Finnish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help French (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help German (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Greek (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Italian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Japanese (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Korean (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Polish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Russian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Spanish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Swedish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Thai (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Turkish (Version: 2009.0909.1746.30091 - ATI) Hidden
ccc-core-static (Version: 2009.0909.1747.30091 - ATI) Hidden
ccc-utility (Version: 2009.0909.1747.30091 - ATI) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Drive Encryption (HKLM\...\{77ECDC11-EC6B-4027-AD94-60E839F256FB}) (Version: 5.0.1.2 - Hewlett-Packard)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eDocPrintPro (HKLM\...\eDocPrintPro) (Version:  - )
Elastic Soccer v1.0 (HKLM\...\{0FB9C428-F598-49FF-9C90-B1821FF90486}_is1) (Version:  - Nowstat.com)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.1.2 (HKLM\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Faxdrucker (HKLM\...\{44FEE3D0-362E-4439-A976-51825DDAC61F}) (Version: 0.1 - simple-fax.de)
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.0.7 - Hewlett-Packard)
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
FreeCommander 2009.02b (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
German - with < > | (HKLM\...\{724D0DBA-3F2F-4AE2-B16C-DAAB7FCB7F49}) (Version: 1.0.3.40 - HP)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9212.3114 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{AFCFBA3D-D2EB-4F44-A7F6-5384CE5090DA}) (Version: 3.0.31.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard)
HP Power Assistant (HKLM\...\{B07A6D31-EDE9-415A-9278-07400F7FCCD5}) (Version: 1.0.0.31 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.00.516 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.00.516 - Hewlett-Packard) Hidden
HP QuickLook (HKLM\...\{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}) (Version: 3.0.0.19 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F4800}) (Version: 1.0.1.32 - DeviceVM, Inc.)
HP Setup (HKLM\...\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}) (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (HKLM\...\{C66A15C3-1435-49AA-9F20-F854E2E91A6C}) (Version: 6.0.1.7 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP User Guides 0142 (HKLM\...\{10A11115-4EFC-4E86-BFC1-D53A478556A1}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{3E497776-1FCB-4921-91DC-D26E7F636B62}) (Version: 4.0.0.31 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
iCopy (HKLM\...\iCopy) (Version: 1.6.0 - Matteo Rossi)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6229.0 - IDT)
Internet Updater (HKLM\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.390 - Oracle)
KeePass Password Safe 1.27 (HKLM\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Kindersicherung 2012 (HKLM\...\Kindersicherung_is1) (Version:  - Salfeld Computer GmbH)
Kolab E5 Client 2012-07-31-07-47 (HKLM\...\Kolab E5 Client) (Version:  - )
L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version:  - )
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lauge 3.0.4.beta (HKLM\...\Lauge_is1) (Version: 3.0.4.beta - Waldemar Derr)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
LesefixPRO (HKLM\...\{00DDD9E0-E95F-4470-8767-26B76164A315}) (Version: 8.00 - Dr. Michael Schlesier)
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LibreOffice 3.3 (HKLM\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Linkman (HKLM\...\Linkman) (Version: 8.71 - Outertech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Virus and Spyware Protection Service (HKLM\...\MVS) (Version: 4.9.2.335 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Bulgarian) 2007 (Version: 12.0.4518.1042 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Latvian) 2007 (Version: 12.0.4518.1045 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Lithuanian) 2007 (Version: 12.0.4518.1048 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Romanian) 2007 (Version: 12.0.4518.1039 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft RichCopy 4.0 (HKLM\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mindomo Desktop (HKLM\...\MindomoDesktop) (Version: 6.84 - Expert Software Applications Srl)
Mindomo Desktop (Version: 6.84 - Expert Software Applications Srl) Hidden
mobilant.de Client (HKLM\...\mobilant) (Version: 1.0 - F.J. Wechselberger)
Mobile Master (Version: 7.9.14 - Jumping Bytes) Hidden
Mobile Master 7.9.14 (HKLM\...\Mobile Master) (Version: 7.9.14 - Jumping Bytes)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.1 MuseScore score typesetter (HKLM\...\MuseScore) (Version: 1.1.0 - Werner Schweer and Others)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Maps 3D browser plugin for Internet Explorer (5.7.1.0) (HKCU\...\Nokia Maps 3D browser plugin for Internet Explorer) (Version: 5.7.1.0 - Nokia)
Open Last Closed Tab - Internet Explorer Extension (HKLM\...\OpenLastClosedTab) (Version: 4.1.0.0 - MuvEnum)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.213.1 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pre-Boot Security for HP ProtectTools (Version: 5.0.6.1 - Hewlett-Packard) Hidden
PreisHai 4.2 (HKLM\...\PreisHai_is1) (Version:  - Elmar Denkmann)
Privacy Manager for HP ProtectTools (HKLM\...\{2F77F045-8B4E-40B7-8130-56076F85C38E}) (Version: 5.00.712 - Hewlett-Packard)
PureSync (Version: 3.7.2 - Jumping Bytes) Hidden
PureSync 3.7.2 (HKLM\...\PureSync) (Version: 3.7.2 - Jumping Bytes)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.12.00.05 - RICOH)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Sandboxie 3.62 (32-bit) (HKLM\...\Sandboxie) (Version: 3.62 - SANDBOXIE L.T.D)
Seesu (HKCU\...\Seesu) (Version:  - Gleb Arestov)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SpeedCommander 11 (HKLM\...\SpeedCommander 11) (Version: 11 - SpeedProject)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.1.31 - StarFinanz) Hidden
StarMoney (Version: 4.0.1.51 - StarFinanz) Hidden
StarMoney 7.0  (HKLM\...\{3A116B91-77B5-463A-8B77-6FBDE5BAA661}) (Version: 7.0 - Star Finanz GmbH)
StarMoney 8.0  (HKLM\...\{6A75F8FA-3A8C-4A11-8628-43ADC5332BEF}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM\...\{CC4F180B-8D7D-44E1-A061-A1B6DDD653CC}) (Version: 9.0 - Star Finanz GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
Synkron 1.6.2 (HKLM\...\Tomlein.Synkron_is1) (Version: 1.6.2 - Matúš Tomlein)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.15 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.15 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0402-0000-0000000FF1CE}_PROHYBRIDR_{F8AE4EBB-CCF5-45FB-B527-E88B4DC37278}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0418-0000-0000000FF1CE}_PROHYBRIDR_{2CD437DF-B0CD-43D2-A344-07C9FAC961F4}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0426-0000-0000000FF1CE}_PROHYBRIDR_{64057C60-03F0-4E29-B2E2-DCB6A1886F33}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0427-0000-0000000FF1CE}_PROHYBRIDR_{CC873AD1-9842-4A46-AF2A-3ED0F3F1452C}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0 - McAfee Inc.) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WEB.DE Online-Speicher 1.3.1234.0 (HKCU\...\WEB.DE Application {sync-000021}) (Version: 1.3.1234.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WEB.DE Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
Websteroids (HKLM\...\Websteroids) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.8 - Hewlett-Packard)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wuala (HKCU\...\Wuala) (Version: 1.0.411.0 - LaCie)
Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)

==================== Restore Points  =========================

23-02-2014 18:00:14 Windows Backup
04-03-2014 14:52:21 Windows Backup
10-03-2014 14:30:50 Windows Backup

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1C2D18F9-AA3F-4BCA-B98C-6BCA255BDB40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {2EE8AA8D-D206-4C3A-ABC4-3C81FDD16626} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {31B6FAE7-F9FC-4B66-8F80-8F1FCB661B64} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {45ADE483-6146-40DB-8021-6C3D5E21A998} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {46FC6A6B-8F1A-4DB8-A041-32D5110D4F83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: {543143EE-FBFF-4BA8-BFF6-0C266FB6DD04} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {562032F5-CFB6-4273-BA02-BE7B85ED9FF9} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
Task: {5625CBF6-57FE-4D98-9CD1-BA4CD8A511ED} - System32\Tasks\OperaBookmarks => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Operasave11.exe [2013-08-20] ()
Task: {592BC37C-F4D1-4579-A987-FBB5506CE04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {6CEC5E53-6AB2-41FC-A3D5-B65C1CBF011F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {6EBE3D25-1606-429C-A4C0-D06AF8E76A10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {7333E2D8-2FEE-45CF-8664-50D5ED5BBBD7} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {74A3E3A2-C334-4AF1-8189-8684FAD401B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {95A1B0B2-E0F7-42D9-B7C8-B91A7C275888} - System32\Tasks\Firesave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Firesave11.exe [2013-08-20] ()
Task: {B5361521-D7CF-4099-B24D-2F3D232EBEFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C01C8BE0-BD5C-44D8-97E3-70915D71CAA5} - System32\Tasks\{9813CE5C-8F35-4835-AC86-B55B5816A9BD} => Firefox.exe 
Task: {CE30372A-0F34-4A3E-904C-A2C0412D3A5E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {E58361F0-3D6E-48F2-913E-E9337A15D1C0} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
Task: {EF570923-0D65-4B54-B77C-75D729D87533} - System32\Tasks\thundersave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Thundersave11.exe [2013-08-20] ()
Task: {F2E7D8D1-09FE-4DFC-8CE5-6BDCFD272684} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-17 21:26 - 2009-08-17 21:26 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-08-20 22:15 - 2009-08-20 22:15 - 00051768 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-08-20 22:15 - 2009-08-20 22:15 - 00051256 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2012-10-22 23:34 - 2012-01-03 20:00 - 01350144 _____ () C:\Program Files\Ditto\Ditto.exe
2012-10-22 23:34 - 2012-01-03 19:59 - 00008192 _____ () C:\Program Files\Ditto\focus.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2009-06-11 01:30 - 2009-06-11 01:30 - 00098304 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-13 22:23 - 2010-10-13 22:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-23 22:07 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-13 21:54 - 2014-03-13 21:54 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-03-21 15:47 - 2014-03-21 15:47 - 03018864 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-03-21 15:47 - 2014-03-21 15:47 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-21 15:47 - 2014-03-21 15:47 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Google Update => "C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: McAfee Managed Services Tray => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

==================== Faulty Device Manager Devices =============

Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2014 10:03:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: updater.exe, version: 1.0.0.1, time stamp: 0x52b21c71
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1834
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (04/27/2014 10:02:22 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/27/2014 10:02:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676
Faulting module name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676
Exception code: 0xc0000005
Fault offset: 0x000061fe
Faulting process id: 0x2a08
Faulting application start time: 0xccsync.exe0
Faulting application path: ccsync.exe1
Faulting module path: ccsync.exe2
Report Id: ccsync.exe3

Error: (04/27/2014 10:02:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676
Faulting module name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676
Exception code: 0xc0000005
Fault offset: 0x000061fe
Faulting process id: 0x2064
Faulting application start time: 0xccsync.exe0
Faulting application path: ccsync.exe1
Faulting module path: ccsync.exe2
Report Id: ccsync.exe3

Error: (04/27/2014 09:47:16 AM) (Source: HP Advisor) (User: )
Description: Timestamp: 04.27.2014 09:47:16.032;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [4088];
Message: Application::OnStartup() failed !!!, shutdown application... ;
EventId: 400;
Severity: Critical;
Machine: ANDREAS-PC;
Application Domain: HPAdvisor.exe;
Process Id: 7768;
Process Name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (04/20/2014 07:00:03 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/19/2014 08:06:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/16/2014 07:07:16 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/10/2014 10:42:14 PM) (Source: HP Advisor) (User: )
Description: Timestamp: 04.10.2014 22:42:14.290;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [9328];
Message: Application::OnStartup() failed !!!, shutdown application... ;
EventId: 400;
Severity: Critical;
Machine: ANDREAS-PC;
Application Domain: HPAdvisor.exe;
Process Id: 9324;
Process Name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (04/10/2014 08:29:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676
Faulting module name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676
Exception code: 0xc0000005
Fault offset: 0x000061fe
Faulting process id: 0x1a38
Faulting application start time: 0xccsync.exe0
Faulting application path: ccsync.exe1
Faulting module path: ccsync.exe2
Report Id: ccsync.exe3


System errors:
=============
Error: (04/27/2014 10:04:48 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/27/2014 10:04:07 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/27/2014 10:01:04 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/27/2014 10:01:03 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/27/2014 09:39:59 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/27/2014 09:22:28 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/26/2014 02:51:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avgtp

Error: (04/26/2014 02:51:33 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: 
%%2

Error: (04/26/2014 02:51:16 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Virus and Spyware Protection Service service failed to start due to the following error: 
%%2

Error: (04/26/2014 02:50:53 PM) (Source: Service Control Manager) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-27 09:57:17.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-27 09:48:29.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-27 09:39:59.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-24 11:15:45.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-24 11:02:17.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 22:14:33.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 22:03:49.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 21:23:05.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 21:11:12.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-16 22:31:41.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 2812.7 MB
Available physical RAM: 865.49 MB
Total Pagefile: 5623.7 MB
Available Pagefile: 2898.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.99 MB

==================== Drives ================================

Drive c: (WIN7_C) (Fixed) (Total:280.79 GB) (Free:130.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.51 GB) FAT32
Drive g: () (Removable) (Total:3.72 GB) (Free:3.39 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B8DEA2D4)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=83)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
und:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Andreas on 27.04.2014 at 23:18:24,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\f
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\tubesaver
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-mp3-wma-converter_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-mp3-wma-converter_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\sweetpacks bundle uninstaller"
Successfully deleted: [Folder] "C:\Users\Andreas\documents\optimizer pro"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\xgqgx91o.default\extensions\support@websteroidsapp.com
Successfully deleted the following from C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\xgqgx91o.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxps://isearch.avg.com/?cid={AA84BBDD-C5EB-42FB-9AE5-F26FF3EC83F4}&mid=ef0ba35e35954242925b6c8602ac96fb-42c36a3c1954536467068e2918f43
Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\xgqgx91o.default\minidumps [69 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.04.2014 at 23:33:27,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Geändert von awk (27.04.2014 um 22:47 Uhr) Grund: frage erweitert

Alt 28.04.2014, 09:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Standard

Friend Checker, Conduit Search, seltsames Browser Verhalten


Deine Frage verstehe ich nicht. Meinst Du im Anschluss an die bereinigung ein sauberes Backup der Browser machen? Die Browser müsen warscheinlich eh neu instaliert und zurückgesetzt werden, wenn Sie nach der ganzen Adware keine Ruhe geben.


Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Frisches FRST log bitte. Noch probleme?
__________________
--> Friend Checker, Conduit Search, seltsames Browser Verhalten

Alt 14.10.2014, 16:12   #7
awk
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Icon16

Problem ungelöst


Hallo,
habe im TB gesucht und durch Zufall meinen eingenen Eintrag wieder gefunden...

Problem besteht weiter und ich bin kurz davor, den Rechner komplett platt zu machen.

Alles versuchte half nichts.

Akuell:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Andreas (administrator) on ANDREAS-PC on 14-10-2014 16:23:19
Running from C:\Users\Andreas\Desktop
Loaded Profile: Andreas (Available profiles: Andreas & Monika & Mona & TEST)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Salfeld Computer) C:\Windows\System32\cc32\webtmr.exe
(Salfeld Computer) C:\Windows\tray\wintmr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(SANDBOXIE L.T.D) C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe
() C:\Program Files\Ditto\Ditto.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1640504 2009-08-20] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-04] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-04] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => c:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11258368 2009-07-15] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-05] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe [6634624 2009-07-14] (Salfeld Computer)
HKLM\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-08-13] (Hewlett-Packard)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [SandboxieControl] => C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe [442640 2011-11-23] (SANDBOXIE L.T.D)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Google Update] => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-01] (Google Inc.)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [KeePass Password Safe] => C:\Program Files\KeePass Password Safe\KeePass.exe [2117632 2014-04-06] (Dominik Reichl)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [PC Suite Tray] => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1350144 2012-01-03] ()
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [7099008 2009-07-14] (Salfeld Computer)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater)
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableClock] 1
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {5b5d81a5-8e33-11e1-902b-0009dd5029c9} - D:\Install.exe
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {91848a7a-159c-11e2-934a-705ab697ae61} - D:\setup.exe -a
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {a4f2663e-f5ae-11e2-963e-705ab697ae61} - G:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [7099008 2009-07-14] (Salfeld Computer)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {BBE889A1-1AE6-4482-912B-F2B77654EEDB} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - DefaultScope {C6CA7969-6616-494A-B8C9-403353196BE3} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {742E88D5-9010-46AA-AC14-40BADE3E90B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {91343ACB-EAA6-4986-A05A-36A9DE6932D8} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {997329D0-5E79-4A8B-878A-8713D269A659} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C4BA47D3-A495-4814-8EE6-FE7C750E03B2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C6CA7969-6616-494A-B8C9-403353196BE3} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: OpenLastClosedTab.LastClosedTab -> {e15e75e9-a653-42a3-8d05-f2f7e309bdca} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files\TOOLS\Linkman\LinkmanCom.dll (Outertech)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.335.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default
FF DefaultSearchEngine: Ecosia
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "ftp", "185.49.15.25"
FF NetworkProxy: "ftp_port", 7808
FF NetworkProxy: "http", "185.49.15.25"
FF NetworkProxy: "http_port", 7808
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "185.49.15.25"
FF NetworkProxy: "socks_port", 7808
FF NetworkProxy: "ssl", "185.49.15.25"
FF NetworkProxy: "ssl_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\bidvoynet-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\mailcom-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\medikamentade.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\people-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\testberichtede.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\duckduckgo-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\duckduckgo-html.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\mp3-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\openstreetmap.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\wot-scorecard.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\amin.eft_bmnotes@gmail.com [2014-04-27]
FF Extension: bug682944 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\bug682944@alice0775 [2012-05-18]
FF Extension: CLEO - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\CLEO@guid.customsoftwareconsult.com [2014-07-13]
FF Extension: Pocket - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\isreaditlater@ideashower.com [2014-07-04]
FF Extension: KeeFox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\keefox@chris.tomlinson [2014-10-13]
FF Extension: Rain Alarm Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\rain-alarm@mdiener.de [2014-03-25]
FF Extension: screen-reader-simulator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\screen-reader-simulator@gaiamobile.org [2014-09-04]
FF Extension: WEB.DE MailCheck - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\toolbar@web.de [2014-09-18]
FF Extension: AddThis - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-10-02]
FF Extension: FEBE - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-09-18]
FF Extension: WOT - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Snip It! Button for eBay - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2012-09-30]
FF Extension: DownloadHelper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-18]
FF Extension: Evernote Web Clipper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-22]
FF Extension: billiger.de Sparberater - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\ciuvo-extension@billiger.de.xpi [2013-04-25]
FF Extension: Firebug - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-28]
FF Extension: GutscheinDoktor Toolbar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\FirefoxToolbar@gutscheindoktor.de.xpi [2014-10-13]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\gmailthis@lazyrussian.com.xpi [2011-09-13]
FF Extension: Trusted Shops Add-On für Firefox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2014-09-18]
FF Extension: DuckDuckGo Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-04-16]
FF Extension: Lazarus: Form Recovery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\lazarus@interclue.com.xpi [2011-12-14]
FF Extension: People Lookup - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\mail@sayemislam.com.xpi [2012-01-30]
FF Extension: Clearly - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\readable@evernote.com.xpi [2013-05-29]
FF Extension: Save Session - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\savesession@noasobi.net.xpi [2011-11-25]
FF Extension: ScrapBook Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2011-09-13]
FF Extension: 如意淘:同款比价,价格曲线,降价提醒 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\shoppingassist@ookong.com.xpi [2012-03-12]
FF Extension: Stealthy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\stealthyextension@gmail.com.xpi [2011-12-08]
FF Extension: WikiLook - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\wikilook@testpilot.xpi [2013-04-16]
FF Extension: YouTube to MP3 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-10-17]
FF Extension: All-in-One Sidebar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-09-12]
FF Extension: Session Manager - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-04-28]
FF Extension: Webutation - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-04-23]
FF Extension: FlashGot - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-19]
FF Extension: Unhide Passwords - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-12-14]
FF Extension: ebayitemdescriptionshowsellerloc - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}.xpi [2012-03-12]
FF Extension: Speed Dial - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-12-14]
FF Extension: OperaView - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [2011-09-12]
FF Extension: ImTranslator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-12]
FF Extension: Easy YouTube Video Downloader - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-10-17]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-02-25]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-12]
FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-12]
FF Extension: Tab Mix Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-25]
FF Extension: DownThemAll! - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-12]
FF Extension: CLEO - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\CLEO@guid.customsoftwareconsult.com [2014-07-13]
FF Extension: FEBE - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-07-13]
FF Extension: Snip It! Button for eBay - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2014-08-01]
FF Extension: Evernote Web Clipper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-14]
FF Extension: Clearly - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\readable@evernote.com.xpi [2014-07-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-08-01]
FF Extension: Integrated Inbox for Gmail &amp; Google Apps - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2014-07-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-07-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-20]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2012-03-06]
FF HKCU\...\Firefox\Extensions: [{576c7366-d9f6-439a-a42d-06940409e125}] - C:\Program Files\TubeSaver\130.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-03]
CHR Extension: (Poper Blocker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2013-08-23]
CHR Extension: (Hotah) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnjgpdehkocfilimigpgedggkneaacc [2014-01-31]
CHR Extension: (Strict Workflow) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2013-08-23]
CHR Extension: (Google Calendar) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-03]
CHR Extension: (Polycraft) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-01-31]
CHR Extension: (Planetarium) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-01-03]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-02-25]
CHR Extension: (Air Hockey) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph [2013-08-20]
CHR Extension: (Timer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-03]
CHR Extension: (The Old Reader) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk [2014-01-03]
CHR Extension: (Murder Files) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-01-31]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-01-03]
CHR Extension: (Cut the Rope) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-01-03]
CHR Extension: (Any.do Extension) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-08-23]
CHR Extension: (Evernote Web) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-08-28]
CHR Extension: (Pocket) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Any.do) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2014-01-24]
CHR Extension: (Bubble Santa) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha [2014-01-03]
CHR Extension: (Accurate Ruler) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2014-01-03]
CHR Extension: (SpeakIt!) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-01-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-08-28]
CHR Extension: (Calculator) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppilpeehmlhboiknckikefgpdkpnhkgc [2014-01-24]
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Angry Birds) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-03]
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (Poper Blocker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]
CHR Extension: (Adblock Plus) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-31]
CHR Extension: (Hotah) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfnjgpdehkocfilimigpgedggkneaacc [2014-02-05]
CHR Extension: (Strict Workflow) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-01-03]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]
CHR Extension: (Google Kalender) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-03]
CHR Extension: (Polycraft) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-02-05]
CHR Extension: (Planetarium) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-01-03]
CHR Extension: (Google Kalender (von Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-02-25]
CHR Extension: (Timer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-03]
CHR Extension: (The Old Reader) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk [2014-01-03]
CHR Extension: (Websteroids) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2014-05-04]
CHR Extension: (Murder Files) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-02-05]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-01-03]
CHR Extension: (Button Snip Dies! für eBay) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhaoojkpcgaobmnnphdpdokcgdiibblh [2014-08-31]
CHR Extension: (Any.do Extension) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-01-03]
CHR Extension: (Evernote Web) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-01-03]
CHR Extension: (Pocket) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Any.do) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2014-02-05]
CHR Extension: (Lineal zum Messen) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2014-01-03]
CHR Extension: (SpeakIt!) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-01-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-03]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]
CHR Extension: (Calculator - Rechner) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppilpeehmlhboiknckikefgpdkpnhkgc [2014-02-05]
CHR HKLM\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\Websteroids\Chrome\common.crx [2014-05-04]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2014-05-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [303184 2009-09-03] (DigitalPersona, Inc.)
R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-03] (McAfee, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-08-17] (Hewlett-Packard Ltd)
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard) [File not signed]
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [95800 2009-08-20] (Hewlett-Packard)
S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-08-26] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [96312 2009-08-20] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277024 2009-08-13] (McAfee, Inc.)
R2 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [293376 2009-07-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC) [File not signed]
S2 ksupmgr; C:\Windows\system32\ksupmgr.exe [765592 2010-08-25] (Salfeld Computer)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-03] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SbieSvc; C:\Users\Andreas\SYSTEMprogramme\SbieSvc.exe [72976 2011-11-23] (SANDBOXIE L.T.D)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0879317fde6173f1\STacSV.exe [221266 2009-08-05] (IDT, Inc.)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [X]
S2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74240 2013-04-23] (LG Electronics Inc.)
S1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies) [File not signed]
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-08-17] (Hewlett-Packard Development Company L.P.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
R3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [48128 2009-09-05] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40016 2009-08-13] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110448 2009-08-13] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51728 2009-08-13] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13184 2009-08-13] (McAfee, Inc.)
R3 SbieDrv; C:\Users\Andreas\SYSTEMprogramme\SbieDrv.sys [131856 2011-11-23] (SANDBOXIE L.T.D)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 16:23 - 2014-10-14 16:25 - 00045254 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-10-14 16:21 - 2014-10-14 16:21 - 01101824 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-10-14 15:48 - 2014-10-14 13:43 - 01705698 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT_NEW.exe
2014-10-14 15:15 - 2014-10-14 15:15 - 00000960 _____ () C:\Users\Andreas\Desktop\remove.txt
2014-10-14 14:16 - 2014-10-14 14:16 - 00263762 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-10-13 17:36 - 2014-10-13 17:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-10-13 07:06 - 2014-10-14 16:11 - 00004445 _____ () C:\Windows\system32\cchservice.err
2014-09-24 13:31 - 2014-09-24 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-09-24 13:30 - 2014-09-24 13:30 - 00000000 ____D () C:\Program Files\Evernote
2014-09-17 21:22 - 2014-09-17 21:23 - 00000914 _____ () C:\Users\Andreas\Desktop\My Documents.lnk
2014-09-17 21:22 - 2014-09-17 21:22 - 00001260 _____ () C:\Users\Andreas\Desktop\PC.lnk
2014-09-15 09:50 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 09:50 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 09:50 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 09:50 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 09:50 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 09:50 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 09:50 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 09:50 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 09:50 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 09:50 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 09:50 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 09:50 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 09:50 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 09:50 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 09:50 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 09:50 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 09:50 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 09:50 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 09:50 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 09:50 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 09:50 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 09:50 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 09:50 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 09:49 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 09:49 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 09:49 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 09:49 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 09:49 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 09:49 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 09:49 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 16:23 - 2014-04-23 21:23 - 00000000 ____D () C:\FRST
2014-10-14 16:19 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 16:19 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 16:18 - 2009-10-01 03:18 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-14 16:16 - 2012-10-22 23:35 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Ditto
2014-10-14 16:16 - 2012-04-15 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-14 16:15 - 2012-04-11 08:21 - 00000056 _____ () C:\Windows\system32\excltmp~.dat
2014-10-14 16:15 - 2010-10-13 22:23 - 01974571 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 16:14 - 2012-01-20 18:35 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 16:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 16:11 - 2009-07-14 06:39 - 00424878 _____ () C:\Windows\setupact.log
2014-10-14 15:44 - 2012-01-20 18:35 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 15:28 - 2011-11-16 03:47 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job
2014-10-14 15:08 - 2011-10-01 03:35 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job
2014-10-14 14:31 - 2013-08-25 23:02 - 00000000 ____D () C:\Windows\system32\wdrv
2014-10-14 14:31 - 2011-10-01 13:52 - 00000261 _____ () C:\NET.INI
2014-10-14 14:31 - 2011-10-01 13:52 - 00000000 ___HD () C:\Program Files\Common Files\System Shared
2014-10-13 22:43 - 2011-11-29 21:13 - 00004846 _____ () C:\Windows\Sandboxie.ini
2014-10-13 22:08 - 2011-10-01 03:35 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job
2014-10-13 16:28 - 2011-11-16 03:47 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job
2014-10-13 15:38 - 2012-12-21 08:19 - 00000000 ____D () C:\Program Files\Motorola
2014-10-13 15:33 - 2011-09-26 20:59 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-10-13 15:29 - 2009-10-01 03:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-13 09:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-13 09:13 - 2012-12-21 08:51 - 00000000 ____D () C:\Temp
2014-10-13 07:06 - 2013-09-17 18:54 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-10-13 07:06 - 2013-02-14 13:28 - 00000000 ___HD () C:\ProgramData\Device
2014-10-09 10:42 - 2013-02-13 13:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-30 22:15 - 2012-09-08 17:37 - 00158652 _____ () C:\Users\Andreas\Desktop\Database2012-09.kdb.kdb
2014-09-27 09:10 - 2013-01-22 18:30 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-09-27 09:10 - 2013-01-22 18:30 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-09-24 15:16 - 2012-04-15 19:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 15:16 - 2011-10-01 03:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 12:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-17 21:27 - 2013-02-20 01:29 - 00000000 ____D () C:\Users\Andreas\Desktop\BACKUP Saver
2014-09-15 10:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-15 09:52 - 2009-10-01 03:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 09:49 - 2013-07-29 08:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 09:06 - 2011-09-12 10:25 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-15 08:53 - 2011-11-14 23:57 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Andreas\AppData\Local\Temp\setup{A5AA80DC-A9D4-4792-BF4A-DFDDD5824B73}.exe
C:\Users\Andreas\AppData\Local\Temp\setup{ABBCEE9C-C215-428A-9CAF-74DFD0612D02}.exe
C:\Users\Monika\AppData\Local\Temp\fqqsc5od.dll
C:\Users\Monika\AppData\Local\Temp\rt507gxw.dll
C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\TEST\AppData\Local\Temp\o6hw5iub.dll
C:\Users\TEST\AppData\Local\Temp\rmmwricn.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-10 09:41

==================== End Of Log ============================
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by Andreas at 2014-10-14 16:26:15
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1.36 (HKLM\...\etope Lister_is1) (Version:  - Freshworx GmbH & Co.KG)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AbiWord 2.8.4 (HKLM\...\AbiWord2) (Version: 2.8.4 - AbiSource Developers)
ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
Analog Clock (HKCU\...\Analog Clock) (Version:  - Opera widgets)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{506C2F0A-2C04-BDA8-8B90-0A3DF65ED67E}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1995397856.48.56.3607922 - Audible, Inc.)
Auktionatrix - der schnelle Weg zu eBay (HKLM\...\{02E8DF80-DFB9-4C56-8CB9-AFA1CE97AF9C}) (Version: 4.11.10.0 - Z-Dev)
BackRex Internet Explorer Backup (HKLM\...\BackRex Internet Explorer Backup) (Version: 2.8 - BackRex Software)
BayDesigner - Deinstallation (HKLM\...\BayDesigner_is1) (Version: 1.35 - Mathias Gerlach [aborange.de])
BayWatcher Pro - Deinstallation (HKLM\...\BayWatcher_is1) (Version: 8.05 - Mathias Gerlach & Jochen Milchsack [aborange.de])
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation)
Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )
Cartoonist 1.3 (HKLM\...\Cartoonist_is1) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0909.1747.30091 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0909.1747.30091 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Czech (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Danish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Dutch (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help English (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Finnish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help French (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help German (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Greek (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Italian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Japanese (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Korean (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Polish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Russian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Spanish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Swedish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Thai (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Turkish (Version: 2009.0909.1746.30091 - ATI) Hidden
ccc-core-static (Version: 2009.0909.1747.30091 - ATI) Hidden
ccc-utility (Version: 2009.0909.1747.30091 - ATI) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Drive Encryption (HKLM\...\{77ECDC11-EC6B-4027-AD94-60E839F256FB}) (Version: 5.0.1.2 - Hewlett-Packard)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
eDocPrintPro (HKLM\...\eDocPrintPro) (Version:  - )
Elastic Soccer v1.0 (HKLM\...\{0FB9C428-F598-49FF-9C90-B1821FF90486}_is1) (Version:  - Nowstat.com)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Faxdrucker (HKLM\...\{44FEE3D0-362E-4439-A976-51825DDAC61F}) (Version: 0.1 - simple-fax.de)
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.0.7 - Hewlett-Packard)
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
FreeCommander 2009.02b (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
German - with < > | (HKLM\...\{724D0DBA-3F2F-4AE2-B16C-DAAB7FCB7F49}) (Version: 1.0.3.40 - HP)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9212.3114 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{AFCFBA3D-D2EB-4F44-A7F6-5384CE5090DA}) (Version: 3.0.31.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard)
HP Power Assistant (HKLM\...\{B07A6D31-EDE9-415A-9278-07400F7FCCD5}) (Version: 1.0.0.31 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.00.516 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.00.516 - Hewlett-Packard) Hidden
HP QuickLook (HKLM\...\{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}) (Version: 3.0.0.19 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F4800}) (Version: 1.0.1.32 - DeviceVM, Inc.)
HP Setup (HKLM\...\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}) (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (HKLM\...\{C66A15C3-1435-49AA-9F20-F854E2E91A6C}) (Version: 6.0.1.7 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP User Guides 0142 (HKLM\...\{10A11115-4EFC-4E86-BFC1-D53A478556A1}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{3E497776-1FCB-4921-91DC-D26E7F636B62}) (Version: 4.0.0.31 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
iCopy (HKLM\...\iCopy) (Version: 1.6.0 - Matteo Rossi)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6229.0 - IDT)
Internet Updater (HKLM\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.390 - Oracle)
KeePass Password Safe 1.27 (HKLM\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Kindersicherung 2012 (HKLM\...\Kindersicherung_is1) (Version:  - Salfeld Computer GmbH)
Kolab E5 Client 2012-07-31-07-47 (HKLM\...\Kolab E5 Client) (Version:  - )
L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version:  - )
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lauge 3.0.4.beta (HKLM\...\Lauge_is1) (Version: 3.0.4.beta - Waldemar Derr)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
LesefixPRO (HKLM\...\{00DDD9E0-E95F-4470-8767-26B76164A315}) (Version: 8.00 - Dr. Michael Schlesier)
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LibreOffice 3.3 (HKLM\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Linkman (HKLM\...\Linkman) (Version: 8.71 - Outertech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Virus and Spyware Protection Service (HKLM\...\MVS) (Version: 4.9.2.335 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Bulgarian) 2007 (Version: 12.0.4518.1042 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Latvian) 2007 (Version: 12.0.4518.1045 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Lithuanian) 2007 (Version: 12.0.4518.1048 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Romanian) 2007 (Version: 12.0.4518.1039 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft RichCopy 4.0 (HKLM\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mindomo Desktop (HKLM\...\MindomoDesktop) (Version: 6.84 - Expert Software Applications Srl)
Mindomo Desktop (Version: 6.84 - Expert Software Applications Srl) Hidden
mobilant.de Client (HKLM\...\mobilant) (Version: 1.0 - F.J. Wechselberger)
Mobile Master (Version: 7.9.14 - Jumping Bytes) Hidden
Mobile Master 7.9.14 (HKLM\...\Mobile Master) (Version: 7.9.14 - Jumping Bytes)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 1.1 MuseScore score typesetter (HKLM\...\MuseScore) (Version: 1.1.0 - Werner Schweer and Others)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Maps 3D browser plugin for Internet Explorer (5.7.1.0) (HKCU\...\Nokia Maps 3D browser plugin for Internet Explorer) (Version: 5.7.1.0 - Nokia)
Open Last Closed Tab - Internet Explorer Extension (HKLM\...\OpenLastClosedTab) (Version: 4.1.0.0 - MuvEnum)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.213.1 - Tracker Software Products Ltd)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pre-Boot Security for HP ProtectTools (Version: 5.0.6.1 - Hewlett-Packard) Hidden
PreisHai 4.2 (HKLM\...\PreisHai_is1) (Version:  - Elmar Denkmann)
Privacy Manager for HP ProtectTools (HKLM\...\{2F77F045-8B4E-40B7-8130-56076F85C38E}) (Version: 5.00.712 - Hewlett-Packard)
PureSync (Version: 3.7.2 - Jumping Bytes) Hidden
PureSync 3.7.2 (HKLM\...\PureSync) (Version: 3.7.2 - Jumping Bytes)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.12.00.05 - RICOH)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Sandboxie 3.62 (32-bit) (HKLM\...\Sandboxie) (Version: 3.62 - SANDBOXIE L.T.D)
Seesu (HKCU\...\Seesu) (Version:  - Gleb Arestov)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SpeedCommander 11 (HKLM\...\SpeedCommander 11) (Version: 11 - SpeedProject)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.1.31 - StarFinanz) Hidden
StarMoney (Version: 4.0.1.51 - StarFinanz) Hidden
StarMoney 7.0  (HKLM\...\{3A116B91-77B5-463A-8B77-6FBDE5BAA661}) (Version: 7.0 - Star Finanz GmbH)
StarMoney 8.0  (HKLM\...\{6A75F8FA-3A8C-4A11-8628-43ADC5332BEF}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM\...\{CC4F180B-8D7D-44E1-A061-A1B6DDD653CC}) (Version: 9.0 - Star Finanz GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
Synkron 1.6.2 (HKLM\...\Tomlein.Synkron_is1) (Version: 1.6.2 - Matúš Tomlein)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.15 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.15 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0402-0000-0000000FF1CE}_PROHYBRIDR_{F8AE4EBB-CCF5-45FB-B527-E88B4DC37278}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0418-0000-0000000FF1CE}_PROHYBRIDR_{2CD437DF-B0CD-43D2-A344-07C9FAC961F4}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0426-0000-0000000FF1CE}_PROHYBRIDR_{64057C60-03F0-4E29-B2E2-DCB6A1886F33}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0427-0000-0000000FF1CE}_PROHYBRIDR_{CC873AD1-9842-4A46-AF2A-3ED0F3F1452C}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0 - McAfee Inc.) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WEB.DE Online-Speicher 1.3.1234.0 (HKCU\...\WEB.DE Application {sync-000021}) (Version: 1.3.1234.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WEB.DE Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
Websteroids (HKLM\...\Websteroids) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.8 - Hewlett-Packard)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wuala (HKCU\...\Wuala) (Version: 1.0.411.0 - LaCie)
Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{3117CB95-EAC5-4C8E-8647-429A6BA4E914}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Nokia\OviMapsPlugIn\PlugIns\5.7.1.0\npNMapNPR.dll (Nokia gate5 GmbH)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Chrome\Application\32.0.1700.76\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{CAC6785B-655E-4AE1-A656-BDEFD18DC46C}\InprocServer32 -> C:\Program Files\ScanSoft\RealSpeakSolov4\speech\components\common\rs_sapi5_solo.dll (ScanSoft, Inc)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C2D18F9-AA3F-4BCA-B98C-6BCA255BDB40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {2EE8AA8D-D206-4C3A-ABC4-3C81FDD16626} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {45ADE483-6146-40DB-8021-6C3D5E21A998} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {46FC6A6B-8F1A-4DB8-A041-32D5110D4F83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: {5625CBF6-57FE-4D98-9CD1-BA4CD8A511ED} - System32\Tasks\OperaBookmarks => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Operasave11.exe [2013-08-20] ()
Task: {592BC37C-F4D1-4579-A987-FBB5506CE04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {6CEC5E53-6AB2-41FC-A3D5-B65C1CBF011F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {6EBE3D25-1606-429C-A4C0-D06AF8E76A10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {74A3E3A2-C334-4AF1-8189-8684FAD401B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {95A1B0B2-E0F7-42D9-B7C8-B91A7C275888} - System32\Tasks\Firesave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Firesave11.exe [2013-08-20] ()
Task: {B5361521-D7CF-4099-B24D-2F3D232EBEFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C01C8BE0-BD5C-44D8-97E3-70915D71CAA5} - System32\Tasks\{9813CE5C-8F35-4835-AC86-B55B5816A9BD} => Firefox.exe 
Task: {E58361F0-3D6E-48F2-913E-E9337A15D1C0} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
Task: {EF570923-0D65-4B54-B77C-75D729D87533} - System32\Tasks\thundersave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Thundersave11.exe [2013-08-20] ()
Task: {F2E7D8D1-09FE-4DFC-8CE5-6BDCFD272684} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-17 21:26 - 2009-08-17 21:26 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-08-20 22:15 - 2009-08-20 22:15 - 00051768 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-08-20 22:15 - 2009-08-20 22:15 - 00051256 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-08-13 00:16 - 2009-08-13 00:16 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-08-13 00:15 - 2009-08-13 00:15 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2012-10-22 23:34 - 2012-01-03 20:00 - 01350144 _____ () C:\Program Files\Ditto\Ditto.exe
2012-10-22 23:34 - 2012-01-03 19:59 - 00008192 _____ () C:\Program Files\Ditto\focus.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2009-06-11 01:30 - 2009-06-11 01:30 - 00098304 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-13 22:23 - 2010-10-13 22:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-12 17:25 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Google Update => "C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: McAfee Managed Services Tray => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

========================= Accounts: ==========================

Administrator (S-1-5-21-1624768357-4126066135-592724133-500 - Administrator - Disabled)
Andreas (S-1-5-21-1624768357-4126066135-592724133-1002 - Administrator - Enabled) => C:\Users\Andreas
Guest (S-1-5-21-1624768357-4126066135-592724133-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1624768357-4126066135-592724133-1007 - Limited - Enabled)
McAfeeMVSUser (S-1-5-21-1624768357-4126066135-592724133-1000 - Limited - Enabled)
Mona (S-1-5-21-1624768357-4126066135-592724133-1009 - Limited - Enabled) => C:\Users\Mona
Monika (S-1-5-21-1624768357-4126066135-592724133-1004 - Limited - Enabled) => C:\Users\Monika
TEST (S-1-5-21-1624768357-4126066135-592724133-1010 - Administrator - Enabled) => C:\Users\TEST

==================== Faulty Device Manager Devices =============

Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 07:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xfc4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 05:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x17ac
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 04:08:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x177c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 03:35:07 PM) (Source: MsiInstaller) (EventID: 11904) (User: Andreas-PC)
Description: Product: Motorola Device Software Update -- Error 1904. Module C:\Program Files\Common Files\MSSoap\Binaries\MSSOAP30.dll failed to register.  HRESULT -1073741502.  Contact your support personnel.

Error: (10/13/2014 03:28:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreeCommander.exe, version: 2009.2.0.417, time stamp: 0x4c8d0097
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000028
Fault offset: 0x00090629
Faulting process id: 0x2e60
Faulting application start time: 0xFreeCommander.exe0
Faulting application path: FreeCommander.exe1
Faulting module path: FreeCommander.exe2
Report Id: FreeCommander.exe3

Error: (10/13/2014 03:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x2b2c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 02:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x2c7c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 02:21:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x223c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 01:02:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1118
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/13/2014 11:45:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x23c8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (10/14/2014 04:12:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avgtp

Error: (10/14/2014 04:11:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: 
%%2

Error: (10/14/2014 04:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Virus and Spyware Protection Service service failed to start due to the following error: 
%%2

Error: (10/14/2014 04:11:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%2

Error: (10/14/2014 04:11:01 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (10/14/2014 04:11:01 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/14/2014 03:55:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avgtp

Error: (10/14/2014 03:55:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: 
%%2

Error: (10/14/2014 03:55:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Virus and Spyware Protection Service service failed to start due to the following error: 
%%2

Error: (10/14/2014 03:54:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-14 15:27:49.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 15:16:11.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 14:52:07.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 19:57:35.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 19:48:57.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 19:29:50.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 14:51:34.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 14:34:17.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 13:14:46.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 12:50:30.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II Dual-Core M340
Percentage of memory in use: 53%
Total physical RAM: 2812.7 MB
Available physical RAM: 1295.43 MB
Total Pagefile: 5623.7 MB
Available Pagefile: 3820.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.34 MB

==================== Drives ================================

Drive c: (WIN7_C) (Fixed) (Total:280.79 GB) (Free:91.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.37 GB) FAT32
Drive f: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B8DEA2D4)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=83)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
Was tu ich nun?
Arbeiten seeehr eingeschränkt, da der Plugin Container alle ca. 30 min crasht ohne jede Vorwarnung, also ständig Broser Neustart...

Fixen möglich, oder besser gleich alles NEU?

LG AWK

Alt 15.10.2014, 12:02   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Friend Checker, Conduit Search, seltsames Browser Verhalten - Standard

Friend Checker, Conduit Search, seltsames Browser Verhalten


Du brauchst nen halbes Jahr um dich nochmal zu melden? So extrem kann das Problem anscheinend nicht nerven.


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    FileParade bundle uninstaller

    Internet Updater

    Updater

    Websteroids


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Friend Checker, Conduit Search, seltsames Browser Verhalten
conduit search, friend checker, msil/adware.pullupdate.a, pum.hijack.cmdprompt, pup.adware.agent, pup.optional.adlyrics, pup.optional.bundlore, pup.optional.conduit.a, pup.optional.dynconie.a, pup.optional.installiq.a, pup.optional.internetupdater.a, pup.optional.moodtube.a, pup.optional.multiextension.a, pup.optional.opencandy, pup.optional.searchagent, pup.optional.searchprotect.a, pup.optional.softonic.a, pup.optional.somoto.a, pup.optional.sweetim.a, pup.optional.websteroids.a, secure search, spielen, trojan.agent, websteroids, win32/adware.yontoo.b, windows.tool.disabled, worm.autoit


« Funde bei RoutineScan | Windows 8 - Google Chrome / Internet Explorer starten nur über "mystartsearch" »


Ähnliche Themen: Friend Checker, Conduit Search, seltsames Browser Verhalten


  1. Seltsames Verhalten der svchost.exe
    Log-Analyse und Auswertung - 10.03.2015 (4)
  2. Seltsames Verhalten Chrome unter OSX Mavericks
    Alles rund um Mac OSX & Linux - 16.11.2014 (9)
  3. Seltsames Verhalten bei versehentlichem Bootversuch von Speicherkarte
    Alles rund um Mac OSX & Linux - 04.10.2014 (21)
  4. Firefox 29 Update, seltsames Verhalten
    Diskussionsforum - 23.05.2014 (2)
  5. Gmail Hack-Angriff und manchmal seltsames Verhalten
    Plagegeister aller Art und deren Bekämpfung - 29.03.2013 (1)
  6. Win 7 zeigt seltsames Verhalten
    Log-Analyse und Auswertung - 05.11.2012 (1)
  7. Security Tool 2011 - seltsames Verhalten der Malware
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (0)
  8. Seltsames Verhalten von WinXP SP3 - neu installation
    Alles rund um Windows - 12.03.2009 (1)
  9. seltsames Verhalten eines geblockten MSN-Kontakts
    Log-Analyse und Auswertung - 14.04.2008 (1)
  10. seltsames Verhalten des PC, Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.05.2007 (9)
  11. Seltsames Verhalten des PC Speakers
    Plagegeister aller Art und deren Bekämpfung - 19.03.2007 (1)
  12. Trojaner? Seltsames verhalten Rechnerbetrieb
    Log-Analyse und Auswertung - 10.05.2006 (8)
  13. Bitte LOG prüfen - Seltsames Compi Verhalten
    Log-Analyse und Auswertung - 15.10.2005 (4)
  14. Seltsames verhalten von WinXP Prof
    Plagegeister aller Art und deren Bekämpfung - 26.06.2005 (7)
  15. Seltsames Verhalten beim KAV update
    Antiviren-, Firewall- und andere Schutzprogramme - 22.06.2005 (15)
  16. Seltsames Verhalten von Win XP
    Plagegeister aller Art und deren Bekämpfung - 11.02.2004 (3)
  17. Seltsames Verhalten nach KAV-Installation
    Antiviren-, Firewall- und andere Schutzprogramme - 11.12.2003 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Friend Checker, Conduit Search, seltsames Browser Verhalten - Hallo, seit einigen Wochen - Beginn nicht erinnerbar - habe ich bei jeder ca. fünften Seite in Firefox Popups von FriendChecker. Das Tollste ist: sie spielen jetzt auch Ton ab - Friend Checker, Conduit Search, seltsames Browser Verhalten...
Archiv
Du betrachtest: Friend Checker, Conduit Search, seltsames Browser Verhalten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131