| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x malWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.08.2014, 16:34
| #1 |
 |  http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Die Seite hxxp://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich zig mal in meinem Standardbrowser Opera seit heute Vormittag. Avira und Malwarebytes fanden bereits zig verdächtige Dateien, die ich anschließend in Quarantäne verschoben habe. Die Logs dazu sind die folgenden. Avira: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 1. August 2014 07:40
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : THINKPAD
Versionsinformationen:
BUILD.DAT : 14.0.5.464 91868 Bytes 02.07.2014 13:06:00
AVSCAN.EXE : 14.0.5.396 1042512 Bytes 03.07.2014 18:08:35
AVSCANRC.DLL : 14.0.5.364 62544 Bytes 03.07.2014 18:08:35
LUKE.DLL : 14.0.5.336 57936 Bytes 03.07.2014 18:08:43
AVSCPLR.DLL : 14.0.5.376 89680 Bytes 03.07.2014 18:08:35
AVREG.DLL : 14.0.5.356 261200 Bytes 03.07.2014 18:08:33
avlode.dll : 14.0.5.396 588368 Bytes 03.07.2014 18:08:32
avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 16:14:34
XBV00008.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00009.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00010.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00011.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00012.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00013.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00014.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00015.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00016.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00017.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00018.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00019.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:02
XBV00020.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00021.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00022.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00023.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00024.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00025.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00026.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00027.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00028.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00029.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00030.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00031.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00032.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00033.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00034.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00035.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00036.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00037.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00038.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00039.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00040.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00041.VDF : 8.11.153.142 2048 Bytes 06.06.2014 20:17:03
XBV00225.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00226.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00227.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00228.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00229.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00230.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00231.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00232.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00233.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00234.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00235.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00236.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00237.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:54
XBV00238.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00239.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00240.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00241.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00242.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00243.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00244.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00245.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00246.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00247.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00248.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00249.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00250.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00251.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00252.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00253.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00254.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00255.VDF : 8.11.159.102 2048 Bytes 08.07.2014 16:47:55
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 17:46:42
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 17:46:44
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 16:51:50
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 16:14:58
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 16:20:07
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 16:32:13
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 08:42:02
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 19:05:30
XBV00042.VDF : 8.11.153.142 710656 Bytes 06.06.2014 20:17:04
XBV00043.VDF : 8.11.155.44 1013760 Bytes 16.06.2014 20:17:04
XBV00044.VDF : 8.11.159.102 1662976 Bytes 08.07.2014 16:47:47
XBV00045.VDF : 8.11.159.104 13824 Bytes 08.07.2014 16:47:47
XBV00046.VDF : 8.11.159.108 13312 Bytes 08.07.2014 16:47:47
XBV00047.VDF : 8.11.159.112 30720 Bytes 09.07.2014 16:47:47
XBV00048.VDF : 8.11.159.114 6144 Bytes 09.07.2014 16:47:47
XBV00049.VDF : 8.11.159.116 10240 Bytes 09.07.2014 16:47:47
XBV00050.VDF : 8.11.159.118 5632 Bytes 09.07.2014 16:47:47
XBV00051.VDF : 8.11.159.122 7168 Bytes 09.07.2014 16:47:47
XBV00052.VDF : 8.11.159.126 180736 Bytes 09.07.2014 16:47:48
XBV00053.VDF : 8.11.159.148 174080 Bytes 09.07.2014 22:47:41
XBV00054.VDF : 8.11.159.168 2560 Bytes 09.07.2014 22:47:41
XBV00055.VDF : 8.11.159.188 15360 Bytes 09.07.2014 22:47:41
XBV00056.VDF : 8.11.159.210 25600 Bytes 09.07.2014 19:32:07
XBV00057.VDF : 8.11.159.212 7168 Bytes 09.07.2014 19:32:08
XBV00058.VDF : 8.11.159.218 27648 Bytes 10.07.2014 19:32:08
XBV00059.VDF : 8.11.159.220 2048 Bytes 10.07.2014 19:32:08
XBV00060.VDF : 8.11.159.222 29696 Bytes 10.07.2014 19:32:08
XBV00061.VDF : 8.11.159.224 167936 Bytes 10.07.2014 19:32:08
XBV00062.VDF : 8.11.159.226 35328 Bytes 10.07.2014 19:32:08
XBV00063.VDF : 8.11.159.230 186368 Bytes 10.07.2014 19:32:08
XBV00064.VDF : 8.11.159.250 16896 Bytes 10.07.2014 19:32:08
XBV00065.VDF : 8.11.159.252 2048 Bytes 10.07.2014 19:32:08
XBV00066.VDF : 8.11.160.16 6144 Bytes 10.07.2014 19:32:08
XBV00067.VDF : 8.11.160.40 17408 Bytes 10.07.2014 04:51:04
XBV00068.VDF : 8.11.160.42 2048 Bytes 11.07.2014 04:51:04
XBV00069.VDF : 8.11.160.46 179200 Bytes 11.07.2014 15:28:58
XBV00070.VDF : 8.11.160.48 203264 Bytes 11.07.2014 13:39:59
XBV00071.VDF : 8.11.160.50 6144 Bytes 11.07.2014 13:39:59
XBV00072.VDF : 8.11.160.52 2048 Bytes 11.07.2014 13:39:59
XBV00073.VDF : 8.11.160.54 2048 Bytes 11.07.2014 13:39:59
XBV00074.VDF : 8.11.160.58 22016 Bytes 11.07.2014 13:39:59
XBV00075.VDF : 8.11.160.60 2048 Bytes 11.07.2014 13:39:59
XBV00076.VDF : 8.11.160.62 8192 Bytes 11.07.2014 13:39:59
XBV00077.VDF : 8.11.160.66 198656 Bytes 12.07.2014 13:39:59
XBV00078.VDF : 8.11.160.68 7168 Bytes 12.07.2014 13:39:59
XBV00079.VDF : 8.11.160.70 14848 Bytes 12.07.2014 13:39:59
XBV00080.VDF : 8.11.160.72 7168 Bytes 12.07.2014 11:59:59
XBV00081.VDF : 8.11.160.92 40448 Bytes 13.07.2014 11:59:59
XBV00082.VDF : 8.11.160.112 2048 Bytes 13.07.2014 11:59:59
XBV00083.VDF : 8.11.160.130 193024 Bytes 13.07.2014 15:04:24
XBV00084.VDF : 8.11.160.132 2048 Bytes 13.07.2014 15:04:24
XBV00085.VDF : 8.11.160.152 20480 Bytes 13.07.2014 15:04:24
XBV00086.VDF : 8.11.160.154 2048 Bytes 13.07.2014 15:04:24
XBV00087.VDF : 8.11.160.156 20992 Bytes 14.07.2014 15:04:24
XBV00088.VDF : 8.11.160.158 2560 Bytes 14.07.2014 15:04:24
XBV00089.VDF : 8.11.160.160 11264 Bytes 14.07.2014 15:04:24
XBV00090.VDF : 8.11.160.162 2560 Bytes 14.07.2014 15:04:24
XBV00091.VDF : 8.11.160.166 14336 Bytes 14.07.2014 15:04:24
XBV00092.VDF : 8.11.160.168 5120 Bytes 14.07.2014 15:04:24
XBV00093.VDF : 8.11.160.178 7168 Bytes 14.07.2014 05:08:10
XBV00094.VDF : 8.11.160.180 2048 Bytes 14.07.2014 05:08:10
XBV00095.VDF : 8.11.160.182 2048 Bytes 14.07.2014 05:08:10
XBV00096.VDF : 8.11.160.188 256000 Bytes 14.07.2014 05:08:11
XBV00097.VDF : 8.11.160.190 7680 Bytes 14.07.2014 05:08:11
XBV00098.VDF : 8.11.160.194 18432 Bytes 15.07.2014 05:08:11
XBV00099.VDF : 8.11.160.212 184832 Bytes 15.07.2014 16:44:42
XBV00100.VDF : 8.11.160.230 289792 Bytes 15.07.2014 19:00:52
XBV00101.VDF : 8.11.160.232 2048 Bytes 15.07.2014 19:00:52
XBV00102.VDF : 8.11.160.234 176128 Bytes 15.07.2014 19:00:52
XBV00103.VDF : 8.11.160.254 18432 Bytes 15.07.2014 19:00:53
XBV00104.VDF : 8.11.161.16 6144 Bytes 16.07.2014 19:00:53
XBV00105.VDF : 8.11.161.32 2048 Bytes 16.07.2014 19:00:53
XBV00106.VDF : 8.11.161.34 2048 Bytes 16.07.2014 19:00:53
XBV00107.VDF : 8.11.161.52 26624 Bytes 16.07.2014 19:00:53
XBV00108.VDF : 8.11.161.68 184832 Bytes 16.07.2014 19:00:53
XBV00109.VDF : 8.11.161.84 2048 Bytes 16.07.2014 19:00:53
XBV00110.VDF : 8.11.162.2 2560 Bytes 16.07.2014 19:00:53
XBV00111.VDF : 8.11.162.6 16896 Bytes 16.07.2014 04:18:26
XBV00112.VDF : 8.11.162.8 24064 Bytes 16.07.2014 04:18:26
XBV00113.VDF : 8.11.162.10 2560 Bytes 16.07.2014 04:18:26
XBV00114.VDF : 8.11.162.14 41472 Bytes 17.07.2014 16:14:34
XBV00115.VDF : 8.11.162.16 2048 Bytes 17.07.2014 16:14:35
XBV00116.VDF : 8.11.162.18 215040 Bytes 17.07.2014 16:14:35
XBV00117.VDF : 8.11.162.22 184320 Bytes 17.07.2014 16:14:35
XBV00118.VDF : 8.11.162.40 258048 Bytes 17.07.2014 05:05:05
XBV00119.VDF : 8.11.162.42 3584 Bytes 17.07.2014 05:05:06
XBV00120.VDF : 8.11.162.58 3072 Bytes 17.07.2014 05:05:06
XBV00121.VDF : 8.11.162.78 2048 Bytes 17.07.2014 05:05:06
XBV00122.VDF : 8.11.162.94 2048 Bytes 17.07.2014 05:05:06
XBV00123.VDF : 8.11.162.110 35840 Bytes 17.07.2014 05:05:06
XBV00124.VDF : 8.11.162.112 2048 Bytes 18.07.2014 05:05:06
XBV00125.VDF : 8.11.162.130 23040 Bytes 18.07.2014 16:01:23
XBV00126.VDF : 8.11.162.134 184320 Bytes 18.07.2014 16:01:23
XBV00127.VDF : 8.11.162.136 2048 Bytes 18.07.2014 16:01:23
XBV00128.VDF : 8.11.162.152 231424 Bytes 18.07.2014 16:01:23
XBV00129.VDF : 8.11.162.154 2048 Bytes 18.07.2014 16:01:23
XBV00130.VDF : 8.11.162.170 108032 Bytes 18.07.2014 16:01:23
XBV00131.VDF : 8.11.162.172 9728 Bytes 18.07.2014 16:01:24
XBV00132.VDF : 8.11.162.174 2048 Bytes 18.07.2014 16:01:24
XBV00133.VDF : 8.11.162.188 20992 Bytes 18.07.2014 16:01:24
XBV00134.VDF : 8.11.162.192 2048 Bytes 18.07.2014 16:01:24
XBV00135.VDF : 8.11.162.194 2048 Bytes 18.07.2014 16:01:24
XBV00136.VDF : 8.11.162.200 19968 Bytes 18.07.2014 16:01:24
XBV00137.VDF : 8.11.162.204 2048 Bytes 18.07.2014 16:01:24
XBV00138.VDF : 8.11.162.212 2048 Bytes 18.07.2014 16:01:24
XBV00139.VDF : 8.11.162.228 227840 Bytes 19.07.2014 16:01:24
XBV00140.VDF : 8.11.162.244 2048 Bytes 19.07.2014 16:01:24
XBV00141.VDF : 8.11.163.2 31232 Bytes 19.07.2014 16:01:24
XBV00142.VDF : 8.11.163.16 62464 Bytes 20.07.2014 15:43:18
XBV00143.VDF : 8.11.163.20 202752 Bytes 20.07.2014 15:43:18
XBV00144.VDF : 8.11.163.22 2048 Bytes 20.07.2014 15:43:18
XBV00145.VDF : 8.11.163.26 50176 Bytes 21.07.2014 15:57:28
XBV00146.VDF : 8.11.163.28 23040 Bytes 21.07.2014 15:57:28
XBV00147.VDF : 8.11.163.42 6144 Bytes 21.07.2014 15:57:28
XBV00148.VDF : 8.11.163.44 2560 Bytes 21.07.2014 15:57:28
XBV00149.VDF : 8.11.163.56 5120 Bytes 21.07.2014 15:57:28
XBV00150.VDF : 8.11.163.68 8192 Bytes 21.07.2014 15:57:29
XBV00151.VDF : 8.11.163.74 213504 Bytes 21.07.2014 15:57:29
XBV00152.VDF : 8.11.163.78 22528 Bytes 22.07.2014 03:56:58
XBV00153.VDF : 8.11.163.82 2560 Bytes 22.07.2014 16:19:26
XBV00154.VDF : 8.11.163.84 181248 Bytes 22.07.2014 16:19:26
XBV00155.VDF : 8.11.163.86 9728 Bytes 22.07.2014 16:19:26
XBV00156.VDF : 8.11.163.92 2560 Bytes 22.07.2014 16:19:26
XBV00157.VDF : 8.11.163.98 230400 Bytes 22.07.2014 22:18:39
XBV00158.VDF : 8.11.163.100 2048 Bytes 22.07.2014 22:18:39
XBV00159.VDF : 8.11.163.102 2048 Bytes 22.07.2014 22:18:39
XBV00160.VDF : 8.11.163.108 22528 Bytes 22.07.2014 22:18:39
XBV00161.VDF : 8.11.163.112 17920 Bytes 22.07.2014 04:18:27
XBV00162.VDF : 8.11.163.116 2048 Bytes 23.07.2014 04:18:27
XBV00163.VDF : 8.11.163.130 194048 Bytes 23.07.2014 20:49:36
XBV00164.VDF : 8.11.163.142 20992 Bytes 23.07.2014 20:49:36
XBV00165.VDF : 8.11.163.154 11776 Bytes 23.07.2014 20:49:36
XBV00166.VDF : 8.11.163.158 17920 Bytes 23.07.2014 20:49:36
XBV00167.VDF : 8.11.163.164 2048 Bytes 23.07.2014 20:49:36
XBV00168.VDF : 8.11.163.170 14848 Bytes 23.07.2014 20:49:36
XBV00169.VDF : 8.11.163.174 193024 Bytes 23.07.2014 20:49:36
XBV00170.VDF : 8.11.163.176 3072 Bytes 23.07.2014 20:49:36
XBV00171.VDF : 8.11.163.178 3072 Bytes 23.07.2014 20:49:36
XBV00172.VDF : 8.11.163.184 199168 Bytes 24.07.2014 20:49:36
XBV00173.VDF : 8.11.163.186 421376 Bytes 24.07.2014 20:49:37
XBV00174.VDF : 8.11.163.198 2048 Bytes 24.07.2014 20:49:37
XBV00175.VDF : 8.11.163.200 2048 Bytes 24.07.2014 20:49:37
XBV00176.VDF : 8.11.163.212 212992 Bytes 24.07.2014 20:49:37
XBV00177.VDF : 8.11.163.222 34816 Bytes 24.07.2014 20:49:37
XBV00178.VDF : 8.11.163.226 2048 Bytes 24.07.2014 20:49:37
XBV00179.VDF : 8.11.163.230 21504 Bytes 24.07.2014 20:49:37
XBV00180.VDF : 8.11.163.234 18944 Bytes 25.07.2014 20:49:37
XBV00181.VDF : 8.11.163.236 6656 Bytes 25.07.2014 20:49:37
XBV00182.VDF : 8.11.163.238 2048 Bytes 25.07.2014 20:49:37
XBV00183.VDF : 8.11.163.240 198144 Bytes 25.07.2014 20:49:38
XBV00184.VDF : 8.11.163.244 38400 Bytes 25.07.2014 20:49:38
XBV00185.VDF : 8.11.163.246 2048 Bytes 25.07.2014 20:49:38
XBV00186.VDF : 8.11.163.248 6144 Bytes 25.07.2014 20:49:38
XBV00187.VDF : 8.11.163.252 11776 Bytes 25.07.2014 20:49:38
XBV00188.VDF : 8.11.163.254 2048 Bytes 25.07.2014 20:49:38
XBV00189.VDF : 8.11.164.2 2048 Bytes 26.07.2014 20:49:38
XBV00190.VDF : 8.11.164.6 5120 Bytes 26.07.2014 20:49:38
XBV00191.VDF : 8.11.164.8 2048 Bytes 26.07.2014 20:49:38
XBV00192.VDF : 8.11.164.20 32768 Bytes 26.07.2014 20:49:38
XBV00193.VDF : 8.11.164.30 2048 Bytes 26.07.2014 20:49:38
XBV00194.VDF : 8.11.164.42 37376 Bytes 27.07.2014 20:49:38
XBV00195.VDF : 8.11.164.52 5632 Bytes 27.07.2014 20:49:38
XBV00196.VDF : 8.11.164.54 40960 Bytes 28.07.2014 20:00:07
XBV00197.VDF : 8.11.164.56 2048 Bytes 28.07.2014 20:00:07
XBV00198.VDF : 8.11.164.58 4096 Bytes 28.07.2014 20:00:07
XBV00199.VDF : 8.11.164.60 4608 Bytes 28.07.2014 20:00:07
XBV00200.VDF : 8.11.164.62 17920 Bytes 28.07.2014 20:00:07
XBV00201.VDF : 8.11.164.66 2048 Bytes 28.07.2014 20:00:07
XBV00202.VDF : 8.11.164.74 206848 Bytes 28.07.2014 20:00:07
XBV00203.VDF : 8.11.164.76 191488 Bytes 28.07.2014 20:00:08
XBV00204.VDF : 8.11.164.78 2048 Bytes 28.07.2014 20:00:08
XBV00205.VDF : 8.11.164.82 7168 Bytes 28.07.2014 15:30:49
XBV00206.VDF : 8.11.164.86 9216 Bytes 29.07.2014 15:30:49
XBV00207.VDF : 8.11.164.88 218112 Bytes 29.07.2014 15:30:49
XBV00208.VDF : 8.11.164.98 7168 Bytes 29.07.2014 15:30:49
XBV00209.VDF : 8.11.164.106 2048 Bytes 29.07.2014 15:30:49
XBV00210.VDF : 8.11.164.116 90112 Bytes 29.07.2014 21:31:06
XBV00211.VDF : 8.11.164.128 197120 Bytes 29.07.2014 21:31:06
XBV00212.VDF : 8.11.164.138 5632 Bytes 29.07.2014 16:34:32
XBV00213.VDF : 8.11.164.142 9728 Bytes 30.07.2014 16:34:32
XBV00214.VDF : 8.11.164.144 199680 Bytes 30.07.2014 16:34:33
XBV00215.VDF : 8.11.164.146 206848 Bytes 30.07.2014 16:34:33
XBV00216.VDF : 8.11.164.148 4096 Bytes 30.07.2014 16:34:33
XBV00217.VDF : 8.11.164.150 39936 Bytes 30.07.2014 16:34:33
XBV00218.VDF : 8.11.164.156 220160 Bytes 30.07.2014 15:33:04
XBV00219.VDF : 8.11.164.164 16896 Bytes 31.07.2014 15:33:04
XBV00220.VDF : 8.11.164.172 6144 Bytes 31.07.2014 15:33:04
XBV00221.VDF : 8.11.164.188 218624 Bytes 31.07.2014 15:33:04
XBV00222.VDF : 8.11.164.196 2048 Bytes 31.07.2014 15:33:04
XBV00223.VDF : 8.11.164.206 27136 Bytes 31.07.2014 05:14:48
XBV00224.VDF : 8.11.164.214 11264 Bytes 31.07.2014 05:14:48
LOCAL001.VDF : 8.11.164.214 109327360 Bytes 31.07.2014 05:15:03
Engineversion : 8.3.22.14
AEVDF.DLL : 8.3.0.4 118976 Bytes 24.03.2014 17:26:14
AESCRIPT.DLL : 8.2.0.12 426184 Bytes 21.07.2014 15:57:28
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 15:57:28
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 16:34:17
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 20:39:23
AEPACK.DLL : 8.4.0.46 786632 Bytes 28.07.2014 20:00:07
AEOFFICE.DLL : 8.3.0.16 213192 Bytes 28.07.2014 20:00:06
AEHEUR.DLL : 8.1.4.1188 7332040 Bytes 28.07.2014 20:00:06
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 15:28:57
AEGEN.DLL : 8.1.7.28 450752 Bytes 08.06.2014 19:04:25
AEEXP.DLL : 8.4.2.6 237760 Bytes 28.06.2014 09:48:32
AEEMU.DLL : 8.1.3.2 393587 Bytes 27.05.2013 17:46:48
AEDROID.DLL : 8.4.2.24 442568 Bytes 08.06.2014 19:04:33
AECORE.DLL : 8.3.2.2 241864 Bytes 21.07.2014 15:57:26
AEBB.DLL : 8.1.1.4 53619 Bytes 27.05.2013 17:46:47
AVWINLL.DLL : 14.0.5.320 24144 Bytes 03.07.2014 18:08:26
AVPREF.DLL : 14.0.5.320 50256 Bytes 03.07.2014 18:08:32
AVREP.DLL : 14.0.5.320 219216 Bytes 03.07.2014 18:08:33
AVARKT.DLL : 14.0.5.368 226384 Bytes 03.07.2014 18:08:29
AVEVTLOG.DLL : 14.0.5.320 182352 Bytes 03.07.2014 18:08:31
SQLITE3.DLL : 14.0.5.320 452176 Bytes 03.07.2014 18:08:45
AVSMTP.DLL : 14.0.5.320 76368 Bytes 03.07.2014 18:08:35
NETNT.DLL : 14.0.5.320 13392 Bytes 03.07.2014 18:08:43
RCIMAGE.DLL : 14.0.5.320 4998224 Bytes 03.07.2014 18:08:26
RCTEXT.DLL : 14.0.5.322 73808 Bytes 03.07.2014 18:08:26
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Freitag, 1. August 2014 07:40
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:, Q:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '175' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'upeksvr.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingDesktopUpdater.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CAutoUpdateSvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CPNRSvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'MICMUTE.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelperService.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConversionService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAsrv.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToolbarService.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '241' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'fmapp.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKnrres.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALCKRESI.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'NisSrv.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSCREX.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTShellHlp.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'TWC.Win7.exe' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSCREX.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Wi-Fi MediaConnect.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlkd.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'RCIMGDIR.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'datamngrUI.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLLML.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'LxUpdateManager.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'HTSRecover.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'NotiMan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'PrivacyIconClient.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Bluetooth Headset Helper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'VIPAppService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MCPLaunch.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4479' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Windows7_OS>
[0] Archivtyp: RSRC
--> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
[1] Archivtyp: RSRC
--> C:\Program Files\ThinkVantage Fingerprint Software\Drivers\WinUSBCoInstaller2.dll
[2] Archivtyp: RSRC
--> C:\Program Files\ThinkVantage Fingerprint Software\Drivers\WUDFUpdate_01009.dll
[3] Archivtyp: RSRC
--> C:\SWTOOLS\apps\DMFSD\Data1.cab
[4] Archivtyp: CAB (Microsoft)
--> _2212FE9FF45D557DCAC02ACD1935707E
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/Themida). Bitte verifizieren Sie den Ursprung dieser Datei.
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\SWTOOLS\apps\DMFSD\Data1.cab
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/Themida). Bitte verifizieren Sie den Ursprung dieser Datei.
--> C:\Users\Oliver\AppData\Local\Temp\jar_cache6309049774876069055.tmp
[4] Archivtyp: ZIP
--> kWccKddAS/bLoYrXxi.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-4681.CN
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> kWccKddAS/dOsVij.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Badorg.AW
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> kWccKddAS/fhslVIQE.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> kWccKddAS/QQzVZC.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Kara.O
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> kWccKddAS/SUhMtf.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> kWccKddAS/wXTQZnZ.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Oliver\AppData\Local\Temp\jar_cache6309049774876069055.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
--> C:\Users\Oliver\AppData\Local\Temp\jar_cache6589725436491667939.tmp
[4] Archivtyp: ZIP
--> applet.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Oliver\AppData\Local\Temp\jar_cache6589725436491667939.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Suche in 'Q:\' <Lenovo_Recovery>
Beginne mit der Desinfektion:
C:\Users\Oliver\AppData\Local\Temp\jar_cache6589725436491667939.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52730e64.qua' verschoben!
C:\Users\Oliver\AppData\Local\Temp\jar_cache6309049774876069055.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae421c3.qua' verschoben!
C:\SWTOOLS\apps\DMFSD\Data1.cab
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/Themida). Bitte verifizieren Sie den Ursprung dieser Datei.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '18b97b36.qua' verschoben!
Ende des Suchlaufs: Freitag, 1. August 2014 17:09
Benötigte Zeit: 4:16:01 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
93479 Verzeichnisse wurden überprüft
1734800 Dateien wurden geprüft
11 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1734789 Dateien ohne Befall
41616 Archive wurden durchsucht
8 Warnungen
3 Hinweise
1346070 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
01.08.2014, 16:35
| #2 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Der Malwarebytes der folgende:
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 01.08.2014 Suchlauf-Zeit: 07:50:06 Logdatei: Malwarebytes Anti-Malware_ausführlich.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.01.01 Rootkit Datenbank: v2014.07.17.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Oliver Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 351836 Verstrichene Zeit: 43 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe, 5960, , [b1b43d8498e3a195114b888461a359a7] Module: 0 (No malicious items detected) Registrierungsschlüssel: 122 PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}\INPROCSERVER32, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5B4144E1-B61D-495a-9A50-CD1A95D86D15}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5B4144E1-B61D-495a-9A50-CD1A95D86D15}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\BrowserConnection.Loader.1, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\BrowserConnection.Loader, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BrowserConnection.Loader, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BrowserConnection.Loader.1, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, , [085dccf578037bbba71d20797e84c43c], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, , [085dccf578037bbba71d20797e84c43c], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, , [085dccf578037bbba71d20797e84c43c], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, , [085dccf578037bbba71d20797e84c43c], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, , [085dccf578037bbba71d20797e84c43c], PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5963DB80-6910-E734-3D61-9E997C263DB5}, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\TYPELIB\{65724C86-73A0-2E34-0550-CEC5B1540836}, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FD7C70D-53C4-E251-A45A-19D1F0943B8F}, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7FD7C70D-53C4-E251-A45A-19D1F0943B8F}, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{65724C86-73A0-2E34-0550-CEC5B1540836}, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [63021ea3d1aa2016a502ebab14ee8080], PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.SearchQu, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.SearchQu, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.SearchQu, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, , [baab7e43aad12115face42572cd64eb2], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, , [baab7e43aad12115face42572cd64eb2], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, , [baab7e43aad12115face42572cd64eb2], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, , [7de8bc055625ca6c41854c4da9594cb4], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [3f269c25fa8120162d6cafb0d9299e62], PUP.Optional.Babylon.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [bea7e0e1d3a8bd79f17971eee2200000], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, , [5d08774a7efd47ef883f346561a1e020], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, , [b1b4ae133f3c82b41429c71570925aa6], PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, , [80e55869700bff3721aca868f50f0bf5], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [f5702a97c9b2ef474fee528ae71b7b85], PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, , [0164f0d1accf96a06c6c7fb03fc5f907], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [6ef70fb2aecd63d38563ca48d82cfd03], PUP.Optional.DataMngr.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [1a4b9e231f5c61d53edd759a63a1b34d], PUP.Optional.DataMngr.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [590c922f4a3174c244d6d33c679daf51], PUP.Optional.PriceGong.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [372efec37dfeba7cd9b77f7441c16898], PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, , [30359829304bc076a4e424cc26dc01ff], PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Searchqu Toolbar, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylnApp.appCore.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylnApp.appCore, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylnApp.appCore, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylnApp.appCore.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\Babylon.dskBnd.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\Babylon.dskBnd, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Babylon.dskBnd, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Babylon.dskBnd.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{98889811-442D-49DD-99D7-DC866BE87DBC}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{98889811-442D-49DD-99D7-DC866BE87DBC}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BabylonToolbar, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylntlbr.bbylntlbrHlpr.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylntlbr.bbylntlbrHlpr, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylntlbr.bbylntlbrHlpr, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2EECD738-5844-4A99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylntlbr.bbylntlbrHlpr.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2EECD738-5844-4A99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2EECD738-5844-4A99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, , [1a4beed39be0f83e9fe909a3fd0529d7], Registrierungswerte: 4 PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Searchqu Toolbar, , [aeb720a11863c86e360a85e1db27c739] PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [263fc100dc9ff145053bb0b6cf33e41c], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DATAMNGR, C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE, , [b1b43d8498e3a195114b888461a359a7] PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{98889811-442D-49DD-99D7-DC866BE87DBC}, Babylon Toolbar, , [1a4beed39be0f83e9fe909a3fd0529d7] Registrierungsdaten: 6 PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll, Gut: (), Schlecht: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll),,[35305071592249ed02bc2f6ad82a7a86] PUP.Optional.Datamngr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll, Gut: (), Schlecht: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll),,[35305071592249ed02bc2f6ad82a7a86] PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll, Gut: (), Schlecht: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll),,[6df8774a047731050be8d3d85ca610f0] PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll, Gut: (), Schlecht: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll),,[6df8774a047731050be8d3d85ca610f0] Hijack.StartPage, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.searchqu.com/406, Gut: (www.google.com), Schlecht: (hxxp://www.searchqu.com/406),,[24418f327dfe999d24b7427838cc03fd] Hijack.StartPage, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.searchnu.com/410, Gut: (www.google.com), Schlecht: (hxxp://www.searchnu.com/410),,[02632d94770484b24a928f2b1fe58f71] Ordner: 53 PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh, , [1a4beed39be0f83e9fe909a3fd0529d7], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\chrome, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\searchplugin, , [0e57cef3b3c8b6803370812b4eb41ee2], PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong, , [c1a428998deec472931f505fb44eb64a], PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data, , [c1a428998deec472931f505fb44eb64a], PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, , [68fd2e939be070c66274377956ac1ae6], PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0, , [68fd2e939be070c66274377956ac1ae6], PUP.Optional.Datamngr.A, C:\Users\Oliver\AppData\LocalLow\DataMngr, , [2540358c74074beb801d06acc83ac53b], PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchquband, , [ee772e93accfa6904ddc635ba75beb15], PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar, , [6afb705191ea0c2ae5457a4425ddd62a], Dateien: 644 PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe, , [c0a514ad611a9a9c576e4e4b778b966a], PUP.Optional.Bandoo.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Bandoo.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll, , [214491307efdcc6a976bdabffb07a759], PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll, , [35305071592249ed02bc2f6ad82a7a86], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll, , [aeb720a11863c86e360a85e1db27c739], PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll, , [baab7e43aad12115face42572cd64eb2], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsbADD8.exe, , [b0b5f1d0ccaf8caaedd31a1838c9de22], PUP.Optional.Bandoo.A, C:\Users\Oliver\AppData\Local\Temp\SetupDataMngr_Searchqu.exe, , [0362a71a87f447ef96b1beb8c83cc23e], PUP.Optional.Somoto, C:\Users\Oliver\AppData\Local\Temp\UpdateCheckerSetup.exe, , [7ee7cbf66d0e88aea46d8c9bc63a669a], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsgB2D9.exe, , [2243863b3d3ea393645c1c16af5244bc], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsl9171.exe, , [86dfd9e8d5a6a29401bf102208f9659b], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsq8ED1.exe, , [1352665b0e6d80b6c6fab97902ffa55b], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsqB00A.exe, , [d194715093e8b482dce49f93c1408779], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nssCA60.exe, , [c0a52c95d1aa61d528984fe3e21fda26], PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsv8C7F.exe, , [590c10b11368d0664a76fb370ff29868], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\sp-downloader.exe, , [75f00ab7413aba7ce5074bda47ba5ea2], PUP.Optional.Conduit, C:\Users\Oliver\AppData\Local\Conduit\Community Alerts\Alert.dll, , [362fa41d2f4c76c0b5ccd1d09c68ec14], PUP.Optional.Conduit, C:\Users\Oliver\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe, , [372ee0e125566fc73e433869f01450b0], PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\BabMaint.exe, , [7bea2e93c3b865d1b98c2ab39f63a25e], PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, , [69fcf8c95d1ecc6a9aac1cc1de24d12f], PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, , [e77e07bab3c8d264163014c94fb317e9], PUP.Optional.Searchqu.A, C:\Users\Oliver\AppData\Local\Temp\searchqutoolbar-manifest.xml, , [7ce91fa23f3c51e55b4e040bdd273fc1], PUP.Optional.Searchqu.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, , [5312229f1962c670604b010e38cc56aa], PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\conduit-search.xml, , [79eca9182655d066ac6532fd857f01ff], PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe, , [b1b43d8498e3a195114b888461a359a7], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF3_38.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF4_38.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF5_38.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF6_38.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF7_38.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF8_38.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_IEBHO_63.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_IEBHO_7.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\sysid.ini, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\uninstall.exe, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\manifest.json, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\OurLocalPage.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png__, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config - Copy.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png, , [6df8774a047731050be8d3d85ca610f0], PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png, , [6df8774a047731050be8d3d85ca610f0], |
|
01.08.2014, 16:41
| #3 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Leider war es zu lang für einen Anhang, deshalb hier die Fortsetzung:
__________________Code:
ATTFilter PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe, , [6df8774a047731050be8d3d85ca610f0],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll, , [1a4beed39be0f83e9fe909a3fd0529d7],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll, , [1a4beed39be0f83e9fe909a3fd0529d7],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\escortShld.dll, , [1a4beed39be0f83e9fe909a3fd0529d7],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe, , [1a4beed39be0f83e9fe909a3fd0529d7],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll, , [1a4beed39be0f83e9fe909a3fd0529d7],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\chrome.manifest, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\install.rdf, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\version.txt, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\chrome\vshare.tv_bar.jar, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\ConduitAutoCompleteSearch.js, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\ConduitAutoCompleteSearch.xpt, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCore.xpt, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko19.dll, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko5.dll, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko6.dll, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko7.dll, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko8.dll, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko9.dll, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\alertSettingsComponent.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\appContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\fbAlert.js, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\getAppsContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\postAppsContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\toolbarContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\unsharedAppsContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF\manifest.mf, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF\zigbert.rsa, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF\zigbert.sf, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Chat.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\DataStructures.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\EBEncryption.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\ExternalLibraryLoader.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\HTTP.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\IO.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Log.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\MainSingleton.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\MD5.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Notifications.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\ObserversAndEvents.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Prefs.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\SearchProtector.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\SearchSuggestIO.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\String.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\TEAEncryption.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Timer.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Twitter.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\URL.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Windows.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\XML.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\searchplugin\conduit.xml, , [0e57cef3b3c8b6803370812b4eb41ee2],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\1.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\3023.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\a.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\b.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\c.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\d.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\e.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\f.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\g.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\h.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\i.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\j.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\k.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\l.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\m.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\n.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\o.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\p.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\q.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\r.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\s.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\t.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\u.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\v.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\w.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\wlu.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\x.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\y.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\z.txt, , [c1a428998deec472931f505fb44eb64a],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabMaint.x, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\babylon48.png, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.html, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.js, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\browser_icon_babylon48.png, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\btns.png, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\cs.js, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\manifest.json, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.html, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.js, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.html, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.js, , [68fd2e939be070c66274377956ac1ae6],
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\dtx.ini, , [6afb705191ea0c2ae5457a4425ddd62a],
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\geoip.xml, , [6afb705191ea0c2ae5457a4425ddd62a],
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\guid.dat, , [6afb705191ea0c2ae5457a4425ddd62a],
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\setupCfg.xml, , [6afb705191ea0c2ae5457a4425ddd62a],
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5" ],), ,[eb7ae9d8344778bef567ec0032d2b14f]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), ,[f96cebd60d6e1c1a0ba05d8ea55f1ce4]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[2f36348dc2b9cc6aeac1f5f6c73da25e]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[b3b2853cb8c3e74f991213d8f50f19e7]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[65004c75ed8edd59cdde717a03010000]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "34279bd10000000000000024d7ded4a5");), ,[b1b4744def8c8fa7604b4f9c2bd97888]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15552");), ,[164f6061f18ada5cecbf3eadd82c9769]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[e0851da47efdfc3ac1ea9e4d996b40c0]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[2f36ad144a31d264ddce22c91aea05fb]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[e580b60b9edd2d09fdae21caa75d0000]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[5411f2cf92e985b1e3c813d86e962ed2]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");), ,[c79ee6dbfb809e980f9c628963a18e72]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");), ,[75f05c650279c07603a84c9f0202827e]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");), ,[82e3ccf5017a290d9219965507fd8d73]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[6401dce57902f3431f8c9556d133857b]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "tt=3112_7");), ,[a7be3d847ffc4ee83774d3187c88d52b]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), ,[8fd6546d0873e353f1bafeed887c9c64]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?tt=3112_7&babsrc=NT_ss&mntrId=34279bd10000000000000024d7ded4a5");), ,[76ef7b46ec8fd660ffacba310ef636ca]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[86df17aa7b00c175beeda546ac5858a8]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), ,[471e6160225913231e8dae3d73911ae6]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.119:23:09");), ,[7ce9873a8fecc076eac1dd0ef60eac54]
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2818425.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=2&q=");), ,[1e47279a314a12243cd5b03c2fd5817f]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "tt=3112_7");), ,[1f467849106bae88f13cdf0c09fbce32]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[4c190bb613680d29cf5e41aaaf557a86]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), ,[2c390bb63f3cc1751a13e10ae4208977]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");), ,[f96c18a988f33cfa48e545a645bfec14]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "34279bd10000000000000024d7ded4a5");), ,[c89dfcc59fdc2a0ce14cc12aa36134cc]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15552");), ,[2b3a368b631861d5a18cf6f5867e08f8]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");), ,[f86d922f582349ed30fd34b77a8ab44c]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");), ,[4c19f1d0e7943501181530bb42c2ef11]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.119:23:09");), ,[91d47948700b30064ae3ea01fc08e719]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[adb82a972c4f5fd7fb325a9126de46ba]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[e67f823f235803335bd26487dc28857b]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[1e47ab16b7c491a541ece605f90b4db3]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[8cd97b46f08bac8ae24bd61509fb6898]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[d194b40d95e6f2448aa31bd0fb097f81]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[471e89381e5d3204909d975431d39a66]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[c5a0c2ff1269c96db07d16d50df78d73]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[25404d7492e9280e85a8eefd9371f709]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), ,[85e02d944338ae88d25b1fccaf5512ee]
Physische Sektoren: 0
(No malicious items detected)
(end)
|
|
03.08.2014, 10:40
| #4 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Hallo Entschuldigen Sie bitte die erneute Nachfrage - gibt es zu diesem eine Hilfmöglichkeit? Danke und viele Grüße |
|
03.08.2014, 11:09
| #5 |
| /// TB-Ausbilder   | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
03.08.2014, 11:33
| #6 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Servus Matthias Vielen Dank für die Hilfe  .FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 03-08-2014 12:31:54
Running from D:\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Google Update] => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-18] (Google Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {6655cf18-3981-11e2-a1b6-f0def17851f4} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {df1faded-e249-11e0-b268-f0def17851f4} - F:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll => "C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: vshare.tv Toolbar -> {7aeb3efd-e564-43f1-b658-5058a7c5743b} -> C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKCU - No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.searchnu.com/410
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vshare.tv - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
Chrome:
=======
CHR HomePage: hxxp://www.searchnu.com/410
CHR StartupUrls: "hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5"
CHR DefaultSearchKeyword: r
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Google Talk Plugin) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 12:29 - 2014-08-03 12:31 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-02 10:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-01 07:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 07:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 07:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:31 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-03 12:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 12:17 - 2011-08-03 01:16 - 01805519 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 12:14 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-03 11:56 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-03 11:56 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-03 11:56 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-03 11:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 11:37 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-03 11:33 - 2011-09-27 13:23 - 00128040 _____ () C:\Windows\setupact.log
2014-08-03 11:33 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 11:33 - 2010-11-21 05:47 - 00610492 _____ () C:\Windows\PFRO.log
2014-08-03 11:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:40 - 2014-08-01 07:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 22:01 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 22:01 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 22:01 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\aro.exe
C:\Users\Oliver\AppData\Local\Temp\aroSetup.exe
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\bing.exe
C:\Users\Oliver\AppData\Local\Temp\card_setup.exe
C:\Users\Oliver\AppData\Local\Temp\chutil.dll
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
C:\Users\Oliver\AppData\Local\Temp\ffunzip.exe
C:\Users\Oliver\AppData\Local\Temp\GURC3B4.exe
C:\Users\Oliver\AppData\Local\Temp\GURC450.exe
C:\Users\Oliver\AppData\Local\Temp\installhelper.dll
C:\Users\Oliver\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\sqlite3.dll
C:\Users\Oliver\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Oliver\AppData\Local\Temp\Stub.EXE
C:\Users\Oliver\AppData\Local\Temp\STWSetup.exe
C:\Users\Oliver\AppData\Local\Temp\TB_84DA.exe
C:\Users\Oliver\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Oliver\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 03:02
==================== End Of Log ============================
Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-03 12:32:35
Running from D:\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version: - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Gephi 0.8.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
LM98Free 2.2a (HKLM-x32\...\LM98Free 2.2a_is1) (Version: - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM-x32\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
R for Windows 2.13.1 (HKLM\...\R for Windows 2.13.1_is1) (Version: 2.13.1 - R Development Core Team)
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
R for Windows 2.14.0 (HKLM\...\R for Windows 2.14.0_is1) (Version: 2.14.0 - R Development Core Team)
R for Windows 2.14.1 (HKLM\...\R for Windows 2.14.1_is1) (Version: 2.14.1 - R Development Core Team)
R for Windows 2.14.2 (HKLM\...\R for Windows 2.14.2_is1) (Version: 2.14.2 - R Development Core Team)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
R for Windows 3.0.3 (HKLM\...\R for Windows 3.0.3_is1) (Version: 3.0.3 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
vshare.tv Bar Toolbar (HKLM-x32\...\vshare.tv_Bar Toolbar) (Version: 6.7.0.6 - vshare.tv Bar)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Offizielle Deutsche Sprachdatei Plus v5.62 (HKLM-x32\...\Winamp Offizielle Deutsche Sprachdatei Plus) (Version: v5.62 - Christoph Grether)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
27-07-2014 20:54:29 Windows-Sicherung
27-07-2014 20:56:39 Windows Update
27-07-2014 22:28:53 Windows Update
01-08-2014 05:22:10 Windows Update
01-08-2014 15:21:26 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {14C8AF3B-40BC-4571-A504-6F69B5D1A6DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3223E829-D269-4F50-84FD-CF149C52267C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {38CFAE7D-227B-49C5-B947-36DCE4EBAA55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {7E4F6CD6-5B8E-461C-8134-B23427415495} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B83852E2-CDDD-44AC-B8D0-6628C263D655} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BDBD4036-6182-4726-88E6-0459A8F705D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE0049D1-B96C-4A2D-87C2-960891CE42CF} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C21FEAE2-61AF-406B-ACD0-E3E739990F87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {D5090263-5AAD-47A0-B65F-5347A628BF88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {D5F22A8B-1CBB-43AC-97D6-3BC4F95468D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F9F52E65-52AD-4511-951F-DD4D50A99294} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Loaded Modules (whitelisted) =============
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-28 19:55 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-03 01:29 - 2011-06-01 06:37 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2010-12-18 15:50 - 2010-12-18 15:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-08-03 01:32 - 2011-03-23 20:48 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-09-19 02:03 - 2011-05-29 04:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-28 19:56 - 2013-11-15 11:52 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-08-03 01:25 - 2010-10-26 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-03 01:29 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-24 01:42 - 2011-06-24 01:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-27 19:33 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-03-27 19:33 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-04-09 16:59 - 2014-04-09 16:59 - 01162072 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00256352 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2012-05-16 21:15 - 2010-06-21 11:14 - 00308736 _____ () C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
2010-12-18 15:50 - 2010-12-18 15:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-08-03 01:33 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-08-03 01:33 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-03-27 19:33 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 19:33 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-03 11:36 - 2014-08-03 11:36 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2014 11:34:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (08/02/2014 10:57:05 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6248) Asapi: (10:57:05:3440)(6248) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium
Error: (08/02/2014 10:34:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (08/02/2014 07:31:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:27 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 8079.23 MB
Available physical RAM: 4877.05 MB
Total Pagefile: 16156.65 MB
Available Pagefile: 12679.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:229.56 GB) (Free:49.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.4 GB) (Free:41.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7FB25333)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
03.08.2014, 12:04
| #7 | |
| /// TB-Ausbilder | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x malZitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop (gemeint ist der Desktop von Laufwerk C:\ , d. h. das Tool soll sich im Pfad C:\users\<dein Benutzername>\Desktop\FRST.exe befinden) starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. |
|
03.08.2014, 12:15
| #8 | |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x malZitat:
Sorry, dass ich den falschen Desktop genommen habe. Mein normaler Desktop (also der "sichtbare" Desktop) ist auf D: geschlüsselt. Ich habe es jetzt auf C:\Users\Oliver\Desktop laufen lassen und da gibt es das folgende Ergebnis. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 03-08-2014 13:14:20
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Google Update] => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-18] (Google Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {6655cf18-3981-11e2-a1b6-f0def17851f4} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {df1faded-e249-11e0-b268-f0def17851f4} - F:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll => "C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: vshare.tv Toolbar -> {7aeb3efd-e564-43f1-b658-5058a7c5743b} -> C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKCU - No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.searchnu.com/410
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vshare.tv - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
Chrome:
=======
CHR HomePage: hxxp://www.searchnu.com/410
CHR StartupUrls: "hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5"
CHR DefaultSearchKeyword: r
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Google Talk Plugin) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 12:29 - 2014-08-03 13:14 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-02 10:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-01 07:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 07:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 07:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 13:14 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-03 13:09 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-03 12:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 12:17 - 2011-08-03 01:16 - 01805519 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 11:56 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-03 11:56 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-03 11:56 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-03 11:37 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-03 11:33 - 2011-09-27 13:23 - 00128040 _____ () C:\Windows\setupact.log
2014-08-03 11:33 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 11:33 - 2010-11-21 05:47 - 00610492 _____ () C:\Windows\PFRO.log
2014-08-03 11:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:40 - 2014-08-01 07:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 22:01 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 22:01 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 22:01 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\aro.exe
C:\Users\Oliver\AppData\Local\Temp\aroSetup.exe
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\bing.exe
C:\Users\Oliver\AppData\Local\Temp\card_setup.exe
C:\Users\Oliver\AppData\Local\Temp\chutil.dll
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
C:\Users\Oliver\AppData\Local\Temp\ffunzip.exe
C:\Users\Oliver\AppData\Local\Temp\GURC3B4.exe
C:\Users\Oliver\AppData\Local\Temp\GURC450.exe
C:\Users\Oliver\AppData\Local\Temp\installhelper.dll
C:\Users\Oliver\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\sqlite3.dll
C:\Users\Oliver\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Oliver\AppData\Local\Temp\Stub.EXE
C:\Users\Oliver\AppData\Local\Temp\STWSetup.exe
C:\Users\Oliver\AppData\Local\Temp\TB_84DA.exe
C:\Users\Oliver\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Oliver\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 03:02
==================== End Of Log ============================
--- --- --- --- --- --- Addition Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-03 13:19:13
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version: - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Gephi 0.8.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
LM98Free 2.2a (HKLM-x32\...\LM98Free 2.2a_is1) (Version: - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM-x32\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
R for Windows 2.13.1 (HKLM\...\R for Windows 2.13.1_is1) (Version: 2.13.1 - R Development Core Team)
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
R for Windows 2.14.0 (HKLM\...\R for Windows 2.14.0_is1) (Version: 2.14.0 - R Development Core Team)
R for Windows 2.14.1 (HKLM\...\R for Windows 2.14.1_is1) (Version: 2.14.1 - R Development Core Team)
R for Windows 2.14.2 (HKLM\...\R for Windows 2.14.2_is1) (Version: 2.14.2 - R Development Core Team)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
R for Windows 3.0.3 (HKLM\...\R for Windows 3.0.3_is1) (Version: 3.0.3 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
vshare.tv Bar Toolbar (HKLM-x32\...\vshare.tv_Bar Toolbar) (Version: 6.7.0.6 - vshare.tv Bar)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Offizielle Deutsche Sprachdatei Plus v5.62 (HKLM-x32\...\Winamp Offizielle Deutsche Sprachdatei Plus) (Version: v5.62 - Christoph Grether)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
27-07-2014 20:54:29 Windows-Sicherung
27-07-2014 20:56:39 Windows Update
27-07-2014 22:28:53 Windows Update
01-08-2014 05:22:10 Windows Update
01-08-2014 15:21:26 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {14C8AF3B-40BC-4571-A504-6F69B5D1A6DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3223E829-D269-4F50-84FD-CF149C52267C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {38CFAE7D-227B-49C5-B947-36DCE4EBAA55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {7E4F6CD6-5B8E-461C-8134-B23427415495} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B83852E2-CDDD-44AC-B8D0-6628C263D655} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BDBD4036-6182-4726-88E6-0459A8F705D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE0049D1-B96C-4A2D-87C2-960891CE42CF} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C21FEAE2-61AF-406B-ACD0-E3E739990F87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {D5090263-5AAD-47A0-B65F-5347A628BF88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {D5F22A8B-1CBB-43AC-97D6-3BC4F95468D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F9F52E65-52AD-4511-951F-DD4D50A99294} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Loaded Modules (whitelisted) =============
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-28 19:55 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-03 01:29 - 2011-06-01 06:37 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2010-12-18 15:50 - 2010-12-18 15:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-08-03 01:32 - 2011-03-23 20:48 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-11-28 19:56 - 2013-11-15 11:52 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-09-19 02:03 - 2011-05-29 04:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-03 01:25 - 2010-10-26 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-03 01:29 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-24 01:42 - 2011-06-24 01:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-27 19:33 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-03-27 19:33 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-04-09 16:59 - 2014-04-09 16:59 - 01162072 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00256352 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2012-05-16 21:15 - 2010-06-21 11:14 - 00308736 _____ () C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
2010-12-18 15:50 - 2010-12-18 15:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-08-03 01:33 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-08-03 01:33 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-03-27 19:33 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 19:33 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-03 11:36 - 2014-08-03 11:36 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2014 11:34:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (08/02/2014 10:57:05 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6248) Asapi: (10:57:05:3440)(6248) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium
Error: (08/02/2014 10:34:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (08/02/2014 07:31:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:27 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/02/2014 07:31:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 8079.23 MB
Available physical RAM: 4600.32 MB
Total Pagefile: 16156.65 MB
Available Pagefile: 12377.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:229.56 GB) (Free:49.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.4 GB) (Free:41.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7FB25333)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
03.08.2014, 12:20
| #9 |
| /// TB-Ausbilder | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Servus, ok, danke für die Info. Bitte auch alle zukünftigen Tools unter "C:\Users\Oliver\Desktop" abspeichern, verwenden und belassen. Scan mit Combofix
|
|
03.08.2014, 12:51
| #10 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal combofix.txt: Code:
ATTFilter ComboFix 14-08-02.02 - Oliver 03.08.2014 13:32:48.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8079.5338 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\windows\SysWow64\tmp98C6.tmp
c:\windows\SysWow64\tmp98E6.tmp
Q:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-07-03 bis 2014-08-03 ))))))))))))))))))))))))))))))
.
.
2014-08-03 11:40 . 2014-08-03 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-03 11:40 . 2014-08-03 11:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-03 10:29 . 2014-08-03 11:19 -------- d-----w- C:\FRST
2014-08-03 10:16 . 2014-05-02 06:08 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA8F42B8-3CC2-4847-8D1B-67BD7AE80201}\gapaengine.dll
2014-08-03 09:48 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D853E14E-4382-4CCC-9CD1-A3C9824DABF9}\mpengine.dll
2014-08-01 22:26 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-01 15:22 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 15:22 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 15:22 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 15:22 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 15:22 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 15:22 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 15:22 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 15:22 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 15:22 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 15:22 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 15:21 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 15:21 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 15:21 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-01 15:21 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-01 15:18 . 2014-08-01 15:18 -------- d-----w- c:\users\Oliver\AppData\Roaming\Opera Software
2014-08-01 15:18 . 2014-08-01 15:18 -------- d-----w- c:\users\Oliver\AppData\Local\Opera Software
2014-08-01 15:18 . 2014-08-02 08:32 -------- d-----w- c:\program files (x86)\Opera
2014-08-01 05:49 . 2014-08-03 11:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-01 05:49 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-01 05:49 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-01 05:49 . 2014-08-01 05:49 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-08-01 05:49 . 2014-08-01 05:49 -------- d-----w- c:\programdata\Malwarebytes
2014-08-01 05:49 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-29 15:37 . 2014-05-02 06:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F80657C8-95C5-438A-B883-939ADF914851}\gapaengine.dll
2014-07-17 04:38 . 2014-07-17 04:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-17 04:38 . 2014-07-11 01:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-16 19:12 . 2014-07-16 19:12 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-07-14 17:28 . 2014-07-14 17:29 -------- d-----w- c:\program files\RStudio
2014-07-08 19:28 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-08 19:28 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-08 19:28 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-06 20:14 . 2014-07-06 20:16 -------- d-----w- c:\program files (x86)\Rossmann Fotowelt Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-27 20:49 . 2013-05-27 17:51 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-15 05:15 . 2012-04-07 09:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-15 05:15 . 2011-09-18 19:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 22:19 . 2011-09-17 03:18 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-03 18:08 . 2013-05-27 17:47 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-27 16:12 . 2014-06-27 16:12 89888 ----a-w- c:\windows\system32\NicInstC.dll
2014-06-27 16:12 . 2014-06-27 16:12 73480 ----a-w- c:\windows\system32\e1cmsg.dll
2014-06-27 16:12 . 2014-06-27 16:12 495376 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2014-06-08 19:04 . 2013-05-27 17:47 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-09 06:14 . 2014-05-15 16:08 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-15 16:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-11 18:10 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 18:10 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2014-03-26 14:19 424224 ----a-w- c:\users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-02 21648480]
"BackgroundContainerV2"="c:\users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2014-03-26 325920]
"TWC.Win7"="c:\program files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe" [2014-04-09 55120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-23 1544040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-20 2249352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"LexwareInfoService"="c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
Google Chrome.lnk - c:\users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe [2012-1-17 860488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-3 50688]
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2012-5-16 2345984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TBSrv;Toolbar Service;c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe;c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys;c:\windows\SYSNATIVE\DRIVERS\wfmcvad.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 16:16]
.
2014-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 16:16]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
- c:\users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 19:03]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
- c:\users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 19:03]
.
2014-07-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2014-08-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-04-04 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-07-29 115712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-15 2747680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{284171A7-2F20-7504-35E0-E1B6810714B8} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-03 13:44:47
ComboFix-quarantined-files.txt 2014-08-03 11:44
.
Vor Suchlauf: 15 Verzeichnis(se), 52.585.345.024 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 56.084.234.240 Bytes frei
.
- - End Of File - - 3336840FA860417F1FC821101ADD05B9
  |
|
03.08.2014, 15:10
| #11 | |
| /// TB-Ausbilder | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Mehrere Anti-Virus-Programme Code:
ATTFilter Microsoft Security Essentials
Avira
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3
Bitte poste mit deiner nächsten Antwort
|
|
03.08.2014, 17:20
| #12 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal AdwCleaner: Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 16:55:43
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Oliver - THINKPAD
# Gestartet von : C:\Users\Oliver\Desktop\adwcleaner_3.302.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : TBSrv
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Tbccint
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar
Ordner Gelöscht : C:\Program Files (x86)\vshare.tv_Bar
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Oliver\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\ConduitCommon
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\CT2818425
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
Datei Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js
Datei Gelöscht : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2818425
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{91E526FE-D9CF-443C-91A4-4A42F6178477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91E526FE-D9CF-443C-91A4-4A42F6178477}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{91E526FE-D9CF-443C-91A4-4A42F6178477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C6F7F10-222E-499C-AF70-859AFF3DEC23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6945BA57-160D-48E1-A676-B74F70CC2C12}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\vshare.tv_Bar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\vshare.tv_Bar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vshare.tv_Bar Toolbar
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js ]
Zeile gelöscht : user_pref("CT2818425..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2818425..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2818425..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2818425.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2818425.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2818425.BrowserCompStateIsOpen_129712757411525741", true);
Zeile gelöscht : user_pref("CT2818425.BrowserCompStateIsOpen_129735245815838327", true);
Zeile gelöscht : user_pref("CT2818425.CTID", "CT2818425");
Zeile gelöscht : user_pref("CT2818425.CurrentServerDate", "16-6-2012");
Zeile gelöscht : user_pref("CT2818425.DSInstall", false);
Zeile gelöscht : user_pref("CT2818425.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2818425.DialogsGetterLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2818425.EMailNotifierPollDate", "Thu Jan 19 2012 13:58:23 GMT+0100");
Zeile gelöscht : user_pref("CT2818425.FirstServerDate", "20-11-2011");
Zeile gelöscht : user_pref("CT2818425.FirstTime", true);
Zeile gelöscht : user_pref("CT2818425.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2818425.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2818425.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2818425.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2818425.HPInstall", false);
Zeile gelöscht : user_pref("CT2818425.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2818425.HomePageProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2818425.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CT2818425.Initialize", true);
Zeile gelöscht : user_pref("CT2818425.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2818425.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2818425.InstallationId", "ConduitStubGeneric");
Zeile gelöscht : user_pref("CT2818425.InstallationType", "ConduitStubIntegration");
Zeile gelöscht : user_pref("CT2818425.InstalledDate", "Sun Nov 20 2011 09:31:36 GMT-0500 (Eastern Normalzeit)");
Zeile gelöscht : user_pref("CT2818425.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2818425.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("CT2818425.IsGrouping", false);
Zeile gelöscht : user_pref("CT2818425.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2818425.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2818425.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2818425.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2818425.LanguagePackLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2818425.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.12.0.7", "Tue May 15 2012 23:19:01 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.12.2.3", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.8.1.0", "Thu Jan 19 2012 13:33:23 GMT+0100");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.9.0.3", "Mon Apr 23 2012 20:54:56 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LatestVersion", "3.13.0.6");
Zeile gelöscht : user_pref("CT2818425.Locale", "en");
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipShow", false);
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2818425.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2818425.OriginalFirstVersion", "3.8.1.0");
Zeile gelöscht : user_pref("CT2818425.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2818425.RadioLastCheckTime", "Thu Jan 19 2012 13:33:23 GMT+0100");
Zeile gelöscht : user_pref("CT2818425.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2818425.RadioLastUpdateServer", "129330101464100000");
Zeile gelöscht : user_pref("CT2818425.RadioMediaID", "21515677");
Zeile gelöscht : user_pref("CT2818425.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2818425.RadioMenuSelectedID", "EBRadioMenu_CT281842521515677");
Zeile gelöscht : user_pref("CT2818425.RadioShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2818425.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Zeile gelöscht : user_pref("CT2818425.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Zeile gelöscht : user_pref("CT2818425.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2818425.SearchBoxWidth", 313);
Zeile gelöscht : user_pref("CT2818425.SearchCaption", "vshare.tv Bar Customized Web Search");
Zeile gelöscht : user_pref("CT2818425.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CT2818425.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2818425.SearchProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2818425.SearchProtectorToolbarDisabled", false);
Zeile gelöscht : user_pref("CT2818425.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2818425.ServiceMapLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.SettingsLastCheckTime", "Fri Jun 15 2012 23:44:20 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.SettingsLastUpdate", "1339665756");
Zeile gelöscht : user_pref("CT2818425.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13");
Zeile gelöscht : user_pref("CT2818425.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2818425.ThirdPartyComponentsLastCheck", "Fri Jun 15 2012 23:44:21 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.ThirdPartyComponentsLastUpdate", "1331805997");
Zeile gelöscht : user_pref("CT2818425.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2818425.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2818425");
Zeile gelöscht : user_pref("CT2818425.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2818425.UserID", "UN15485524642309745");
Zeile gelöscht : user_pref("CT2818425.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2818425.alertChannelId", "1210492");
Zeile gelöscht : user_pref("CT2818425.approveUntrustedApps", false);
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e.:2z527", "2423");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e06cg5el8:", "6E6D6F6C6A6D6F727771");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737572707375787D77242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444D327A34434C3F49552E594E513E3540236055505853565049324B787B4E455033707361553E57484B5A515C6E6D717D6D217[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A3951485367756363677575676B65527D7275624B645453515[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-0?3g>d", "3C6E6B6E716C75737A77767A452077794D2025514E52512A2324255858582B2C5D5B2C31");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b5ba==9cjag", "3B6A3C41424073747A744472457779787A7D507A22");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6C6A6D6F727774727972");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b90e@8ff=eg", "393F352F3E");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Zeile gelöscht : user_pref("CT2818425.backendstorage.key_user_agree_ia12", "31");
Zeile gelöscht : user_pref("CT2818425.backendstorage.shoppingapp.gk.exipres", "547565204A616E20323420323031322031333A33333A323420474D542B30313030");
Zeile gelöscht : user_pref("CT2818425.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Zeile gelöscht : user_pref("CT2818425.backendstorage.user_uniqueid", "34353262393534642D346563632D336532382D303938342D363436333531613233313034");
Zeile gelöscht : user_pref("CT2818425.components.1000034", false);
Zeile gelöscht : user_pref("CT2818425.components.1000082", false);
Zeile gelöscht : user_pref("CT2818425.components.129320407169518972", false);
Zeile gelöscht : user_pref("CT2818425.components.129320408417175918", false);
Zeile gelöscht : user_pref("CT2818425.components.129320419773581338", false);
Zeile gelöscht : user_pref("CT2818425.components.129320423773893997", false);
Zeile gelöscht : user_pref("CT2818425.components.129331598259106948", false);
Zeile gelöscht : user_pref("CT2818425.components.129712757411525741", false);
Zeile gelöscht : user_pref("CT2818425.components.2919851529096195263", false);
Zeile gelöscht : user_pref("CT2818425.components.7071898492715082350", false);
Zeile gelöscht : user_pref("CT2818425.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2818425.globalFirstTimeInfoLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2818425.initDone", true);
Zeile gelöscht : user_pref("CT2818425.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2818425.isFirstRadioInstallation", false);
Zeile gelöscht : user_pref("CT2818425.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2818425.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2818425.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2818425.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2818425.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2818425.oldAppsList", "129320401456081839,129320401456081840,111,7071898492715082350,129320423773893997,129320419773581338,129320407169518972,129320408417175918,1000082,129331598259106948[...]
Zeile gelöscht : user_pref("CT2818425.revertSettingsEnabled", false);
Zeile gelöscht : user_pref("CT2818425.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2818425.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2818425.testingCtid", "");
Zeile gelöscht : user_pref("CT2818425.toolbarAppMetaDataLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.toolbarContextMenuLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2818425/CT2818425", "\"7d82c5e1ca651fd85457b57bcdd9cd361\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1210492/1206165/US", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2818425", "\"1329050982\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wNaokyQn90mMItP1sym06A==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "V3ke+ogt4ejn0sB1xPR3nw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "bM8wQLfFAEKgVLVF/G5zig==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "9zRvKErdMb8hJOq85ft5Vg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2818425", "\"d76323372b05c3748a3d6b1c93a98292\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2818425&octid=CT2818425", "\"1322501052\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Oliver\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3edanfci.default\\conduitCommon\\modules\\3.12.2.3");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_8d28e409", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/menu_dlg/pg_dlg.html#pg_ext_msg_key_550770e4", "100x89");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2818425");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2818425");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2818425");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 19 2012 13:33:22 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "697a1b2a-ae3c-4f8f-8834-f97f2692f43d");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 15 2012 23:44:31 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "4c1639fb-8fdb-4949-95d0-5c892328eec2");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Zeile gelöscht : user_pref("browser.search.order.1", "Search Results");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/410");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
-\\ Google Chrome v
[ Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=169&systemid=406&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=3112_7&babsrc=SP_ss&mntrId=34279bd10000000000000024d7ded4a5
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3318522&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8E217E1A-7644-48BE-BA92-FCA227127617&q={searchTerms}&SSPV=
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5
Gelöscht [Homepage] : hxxp://www.searchnu.com/410
*************************
AdwCleaner[R0].txt - [36566 octets] - [03/08/2014 16:54:15]
AdwCleaner[S0].txt - [35780 octets] - [03/08/2014 16:55:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35841 octets] ##########
MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.08.2014 Suchlauf-Zeit: 17:05:23 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.03.05 Rootkit Datenbank: v2014.08.01.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Oliver Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 347914 Verstrichene Zeit: 8 Min, 49 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.DataMngr.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Löschen bei Neustart, [f93805bdff7c0c2a4a5d23ee9c68af51], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 03-08-2014 18:15:42
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: r
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 17:04 - 2014-08-03 18:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-03 17:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 17:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 17:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 16:54 - 2014-08-03 16:55 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:30 - 2014-08-03 13:44 - 00000000 ____D () C:\Qoobox
2014-08-03 13:30 - 2014-08-03 13:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-03 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-03 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-03 12:29 - 2014-08-03 18:15 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 18:15 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-03 18:12 - 2014-08-03 17:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-03 17:47 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 17:47 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 17:43 - 2011-08-03 01:16 - 01815840 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 17:39 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-03 17:38 - 2011-09-27 13:23 - 00128152 _____ () C:\Windows\setupact.log
2014-08-03 17:38 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-03 16:57 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-03 16:56 - 2010-11-21 05:47 - 00611490 _____ () C:\Windows\PFRO.log
2014-08-03 16:55 - 2014-08-03 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:50 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-03 16:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 16:00 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-03 16:00 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-03 15:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:44 - 2014-08-03 13:30 - 00000000 ____D () C:\Qoobox
2014-08-03 13:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 13:43 - 2014-08-03 13:30 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 22:01 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 22:01 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 22:01 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucp3b4.dll
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 03:02
==================== End Of Log ============================
Gleich kommt aufgrund der Länge noch Antwort Nummer 2. |
|
03.08.2014, 17:21
| #13 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-03 18:16:39
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version: - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Gephi 0.8.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
LM98Free 2.2a (HKLM-x32\...\LM98Free 2.2a_is1) (Version: - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM-x32\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
R for Windows 2.13.1 (HKLM\...\R for Windows 2.13.1_is1) (Version: 2.13.1 - R Development Core Team)
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
R for Windows 2.14.0 (HKLM\...\R for Windows 2.14.0_is1) (Version: 2.14.0 - R Development Core Team)
R for Windows 2.14.1 (HKLM\...\R for Windows 2.14.1_is1) (Version: 2.14.1 - R Development Core Team)
R for Windows 2.14.2 (HKLM\...\R for Windows 2.14.2_is1) (Version: 2.14.2 - R Development Core Team)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
R for Windows 3.0.3 (HKLM\...\R for Windows 3.0.3_is1) (Version: 3.0.3 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Offizielle Deutsche Sprachdatei Plus v5.62 (HKLM-x32\...\Winamp Offizielle Deutsche Sprachdatei Plus) (Version: v5.62 - Christoph Grether)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
27-07-2014 20:54:29 Windows-Sicherung
27-07-2014 20:56:39 Windows Update
27-07-2014 22:28:53 Windows Update
01-08-2014 05:22:10 Windows Update
01-08-2014 15:21:26 Windows Update
03-08-2014 11:31:01 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-08-03 13:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {14C8AF3B-40BC-4571-A504-6F69B5D1A6DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3223E829-D269-4F50-84FD-CF149C52267C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {38CFAE7D-227B-49C5-B947-36DCE4EBAA55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {7E4F6CD6-5B8E-461C-8134-B23427415495} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B83852E2-CDDD-44AC-B8D0-6628C263D655} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BDBD4036-6182-4726-88E6-0459A8F705D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE0049D1-B96C-4A2D-87C2-960891CE42CF} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C21FEAE2-61AF-406B-ACD0-E3E739990F87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {D5090263-5AAD-47A0-B65F-5347A628BF88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {D5F22A8B-1CBB-43AC-97D6-3BC4F95468D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F9F52E65-52AD-4511-951F-DD4D50A99294} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Loaded Modules (whitelisted) =============
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-28 19:55 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-03 01:32 - 2011-03-23 20:48 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2010-12-18 15:50 - 2010-12-18 15:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-08-03 01:25 - 2010-10-26 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-03 01:29 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-24 01:42 - 2011-06-24 01:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-27 19:33 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-03-27 19:33 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-04-09 16:59 - 2014-04-09 16:59 - 01162072 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00256352 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2012-05-16 21:15 - 2010-06-21 11:14 - 00308736 _____ () C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
2010-12-18 15:50 - 2010-12-18 15:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-08-03 01:33 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-08-03 01:33 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-08-03 17:39 - 2014-08-03 17:39 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucp3b4.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2012-03-27 19:33 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 19:33 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2014 05:38:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (08/03/2014 04:57:45 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (08/03/2014 04:50:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.18.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1388
Startzeit: 01cfaefe2650ce0e
Endzeit: 6
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error: (08/03/2014 04:24:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/03/2014 04:24:19 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/03/2014 04:24:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/03/2014 04:24:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/03/2014 04:24:15 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/03/2014 04:24:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/03/2014 04:24:12 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (08/03/2014 05:40:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/03/2014 05:40:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/03/2014 04:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/03/2014 04:59:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/03/2014 01:42:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/03/2014 01:39:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (08/03/2014 01:37:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-08-03 13:39:59.589
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-03 13:39:59.509
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 8079.23 MB
Available physical RAM: 5169.04 MB
Total Pagefile: 16156.65 MB
Available Pagefile: 12748.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:229.56 GB) (Free:52.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.4 GB) (Free:41.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7FB25333)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
==================== End Of Log ============================
DANKE  |
|
04.08.2014, 09:23
| #14 | |
| /// TB-Ausbilder | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal Servus Oliver, Mehrere Anti-Virus-Programme Code:
ATTFilter Microsoft Security Essentials
Avira
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> No File
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Reboot:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Schritt 5
Bitte poste mit deiner nächsten Antwort
|
|
04.08.2014, 22:19
| #15 |
| | http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal FRST-Fix Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-04 18:55:08 Run:1
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> No File
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} - No File
Reboot:
end
*****************
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{25A3A431-30BB-47C8-AD6A-E1063801134F} => value deleted successfully.
"HKCR\CLSID\!{25A3A431-30BB-47C8-AD6A-E1063801134F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{25A3A431-30BB-47C8-AD6A-E1063801134F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{25A3A431-30BB-47C8-AD6A-E1063801134F}" => Key not found.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by Oliver on 04.08.2014 at 19:00:44,68.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Oliver\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
04.08.2014 19:05:35 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
user.js not found
---- Lines {7AEB3EFD-E564-43F1-B658-5058A7C5743B} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"VIP2X@verisign.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- Lines FFPDFArchitectConverter@pdfarchitect.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"VIP2X@verisign.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- FireFox user.js and prefs.js backups ----
prefs__1906_.backup
==== Deleting Files \ Folders ======================
"C:\user.js" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"VIP2X@verisign.com"="C:\Program Files (x86)\Symantec\VIP Access Client" [21.05.2012 07:14]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
==== Reset Google Chrome ======================
C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=0 9225 bytes)
==== EOF on 04.08.2014 at 19:06:53,52 ======================
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=89985d1f521a314f9ce6dc931fdd0e4b
# engine=19494
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-04 08:57:53
# local_time=2014-08-04 10:57:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 18764 37509066 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 14004072 158815723 0 0
# scanned=841130
# found=58
# cleaned=0
# scan_time=13310
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=FDF4ADB3654AC8E84A67513864636A36359C2B31 ft=1 fh=ef83010defedbcf7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\ldrtbvsh0.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\ldrtbvsh2.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\tbvsh2.dll.vir"
sh=E6F9792E271F52A2245CC8D72C05A57D6DFBBDE3 ft=1 fh=0690a81bbbd9c1b6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\tbvsha.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper1.exe.vir"
sh=6505B4017A742332E933253F0F9EAB39CE266172 ft=1 fh=0216c665d26d87a6 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll.vir"
sh=A3026BF11E5DC3C126CD054DF0DBBC5A3C945D45 ft=1 fh=57ef4e77c6f4524f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe.vir"
sh=AB636741FF2F3C19B303F07D58F1A86879B52084 ft=1 fh=8602a2ca2dc6d415 vn="Variante von Win32/Toolbar.SearchSuite.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll.vir"
sh=0E162A35FF642FB27DE0FFA6A5E516F4A205C86F ft=1 fh=c71c001172fc8b70 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll.vir"
sh=217135A89AB767FCBEC61D371F2277D521CB8089 ft=1 fh=c71c0011672bae69 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll.vir"
sh=1BDD0763C5823A7E0109395EB6E76E4E3D5BD900 ft=1 fh=c71c0011c34523bc vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll.vir"
sh=F7C38976A06B2ED63397E73AB6E3D0627F6CA696 ft=1 fh=c71c00111d8e09b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll.vir"
sh=283997ABE0B7EBBFD2F2BDC80A2FECD1AAF9FA23 ft=1 fh=c71c001160c49f5f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll.vir"
sh=1CA675E95A5750911D193E52E812250B24A93795 ft=1 fh=c71c0011e76bbc2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll.vir"
sh=3BBE1BAF04EB163F211CB767A633A33EDF298546 ft=1 fh=c71c001136a612ee vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll.vir"
sh=0A7D39D76E1CC00320B838F8E1A3CF9CFDC8BEFE ft=1 fh=c71c0011804e6284 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll.vir"
sh=7F7F14EB127D396BAB4CD7B9E8818100BC48F35F ft=1 fh=c71c0011d0dec117 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll.vir"
sh=193BC08699F12487168EEEAD80047869C4E3C4CC ft=1 fh=c71c0011c20190f0 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll.vir"
sh=1245524D1C6EE8AFADC5776445A7F6B5482B945F ft=1 fh=c71c0011751dc470 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll.vir"
sh=15CFC6E2E4E741F46D2AEDA2E1FA9B826C12300F ft=1 fh=c71c00118216d43d vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll.vir"
sh=0646EBBB5216B3E78891389EFACC64C53E147A9C ft=1 fh=c71c0011323bc7dd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="möglicherweise Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=F6AC801E1D3995F95A2805227B0940F74A5DAB72 ft=1 fh=eb7d74be9d93ebad vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll.vir"
sh=79381E492CE2C8ACF594E31A87407941FD9E8A82 ft=1 fh=081b7cd38ac65771 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=37FDC039C02562267559D42D94DDB64B692FD091 ft=1 fh=7aeecd1bb81f6a22 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\hk64tbvsh2.dll.vir"
sh=A6D053127826CDA8DD8FCDBB4E81F63000910624 ft=1 fh=e8f05c501331b563 vn="möglicherweise Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\hktbvsh2.dll.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\ldrtbvsh0.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll.vir"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsh0.dll.vir"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsh1.dll.vir"
sh=7148AC44C7FE0CB8D30A12ACB28171AE1F609C20 ft=1 fh=779162af1796b620 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsh2.dll.vir"
sh=E6F9792E271F52A2245CC8D72C05A57D6DFBBDE3 ft=1 fh=0690a81bbbd9c1b6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ctypes\FirefoxCtype.dll.vir"
sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\Plugins\npFirefoxPlugin.dll.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=38576FE97240AD33EA79E2EE58F7116CBF10DC6C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi"
sh=B0E3956B726AC92156D587ED70116E1F0C330D96 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\B\04\24144d01"
sh=198B89E752885D5E8CBB02414C68D2D63280F035 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\B\3F\EAD06d01"
sh=81F7A566F85C0BBC0EE08A8230938804C54473FE ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\C\7A\1C8E1d01"
sh=A71C84D1CB86AEDAF35650C4EF324B7629FAACDD ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\F\79\307EDd01"
sh=38576FE97240AD33EA79E2EE58F7116CBF10DC6C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\101a75.msi"
sh=DC935CCB0E757C9C719A73A1D67A70CF645516A6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\67f0fa.msi"
sh=A0C885C92EB91B16BFB8FBF4A9ABCE358A658F99 ft=1 fh=70f2756ae5428532 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\DVDStyler-2.6.1-win32.exe"
sh=34F2C0844483FE1CF4B3C781A192BD3F164A364A ft=1 fh=ecc511e71376698b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\PDFCreator-1_9_1-setup-beta.exe"
sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Setup21_FreeConverter.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 65
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox (28.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 04-08-2014 23:13:41
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Drive) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (YouTube) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Google-Suche) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR Extension: (Google Mail) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 19:05 - 2014-08-04 19:06 - 00004045 _____ () C:\zoek-results.log
2014-08-04 19:00 - 2014-08-04 19:06 - 00000000 ____D () C:\zoek_backup
2014-08-03 17:04 - 2014-08-03 18:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-03 17:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 17:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 17:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 16:54 - 2014-08-03 16:55 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:30 - 2014-08-03 13:44 - 00000000 ____D () C:\Qoobox
2014-08-03 13:30 - 2014-08-03 13:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-03 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-03 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-03 12:29 - 2014-08-04 23:13 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 23:13 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-04 22:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-04 21:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-04 19:09 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 19:09 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 19:09 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 19:06 - 2014-08-04 19:05 - 00004045 _____ () C:\zoek-results.log
2014-08-04 19:06 - 2014-08-04 19:00 - 00000000 ____D () C:\zoek_backup
2014-08-04 19:05 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 19:05 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 19:03 - 2011-08-03 01:16 - 01876774 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 18:57 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-04 18:56 - 2011-09-27 13:23 - 00128264 _____ () C:\Windows\setupact.log
2014-08-04 18:56 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-04 18:56 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-04 18:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 18:53 - 2014-02-23 23:38 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-08-04 18:40 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-04 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-04 17:57 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-04 17:57 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-04 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-04 17:38 - 2010-11-21 05:47 - 00611840 _____ () C:\Windows\PFRO.log
2014-08-03 18:12 - 2014-08-03 17:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-03 16:55 - 2014-08-03 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:44 - 2014-08-03 13:30 - 00000000 ____D () C:\Qoobox
2014-08-03 13:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 13:43 - 2014-08-03 13:30 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software
Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppwigpg.dll
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 03:02
==================== End Of Log ============================
|
|
Linear-Darstellung
