Log analysis and evaluation: Unwanted redirect to bycontext.com after CHIP.DE download (Windows 7)
10.08.2014, 22:01 | #1 |
Hello, I downloaded the COREL-DRAW trial version via Chip.de and got a whole lot of other things along with it that are making my life difficult... Unfortunately. You already helped me back in April/May, and at that time I had downloaded Malwarebytes. It can still be started now, and the program still does something (without my having bought it), but at some point it stops any further processing... Can you please help me? Here is the FRST log:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01 Ran by Rainer (administrator) on RAINER-PC on 10-08-2014 22:07:41 Running from C:\Users\Rainer\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\LPT\srpts.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\LPT\srptsl.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe () C:\Program Files\Deal Keeper\updateDealKeeper.exe () C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\conime.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (McAfee, Inc.) 
C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe () C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) 
C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) 
C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Synaptics Incorporated) C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Smartbar) C:\Users\Rainer\AppData\Local\Smartbar\Application\SafeFinder.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe () C:\Program Files\LPT\srptm.exe (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rainer\AppData\Local\Smartbar\Application\SafeFinder.exe [28952 2014-06-25] (Smartbar) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\MountPoints2: F - F:\LaunchU3.exe -a AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [94088 2014-07-17] (Skytech Co., Ltd.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) 
==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKLM 
- {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; BHO: Adobe PDF Reader -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: haufereader - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: sweet-page FF SelectedSearchEngine: sweet-page FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF user.js: detected! 
=> C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\user.js FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Fast Start - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\faststartff@gmail.com [2014-07-17] FF Extension: No Name - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\staged [2014-08-10] FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\faststartff@gmail.com FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: CHR 
HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx [] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15] CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-17] (Cherished Technololgy LIMITED) R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [33560 2014-06-25] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.) 
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) 
S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion) R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation) S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software) R2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-10] () R2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-10] () R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-17] (Fuyu LIMITED) S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed] S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) 
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-05] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.) 
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider) S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation) R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gt; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys [55232 2014-07-18] (StdLib) R1 {55dce8ba-9dec-4013-937e-adbf9317d990}t; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys [55232 2014-07-17] (StdLib) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X] S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-10 22:03 - 2014-08-10 22:08 - 00037192 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 22:00 - 2014-08-10 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-23 09:38 - 2014-07-23 09:39 - 00000000 ____D 
() C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-23 09:38 - 2014-07-23 09:39 - 00000000 ____D () C:\Program Files\iTunes 2014-07-23 09:38 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software 2014-07-20 13:23 - 2014-07-17 16:33 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys 2014-07-18 20:56 - 2014-07-18 06:01 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys 2014-07-18 20:51 - 2014-07-18 20:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Systweak 2014-07-17 23:03 - 2014-07-21 00:27 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel 2014-07-17 23:02 - 2014-07-17 23:03 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-17 22:57 - 2014-07-23 08:59 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-07-17 22:57 - 2014-07-17 22:58 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-17 22:57 - 2014-07-17 22:58 - 00000000 ____D () C:\Program Files\SupTab 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\sweet-page 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-17 22:55 - 2014-07-20 15:21 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Systweak 2014-07-17 22:55 - 2014-07-16 17:49 - 00018280 _____ () C:\Windows\system32\roboot.exe 2014-07-17 22:52 - 2014-07-17 23:02 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 
____D () C:\Users\Rainer\Documents\Visual Studio 2008 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel 2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help 2014-07-17 21:42 - 2014-07-17 21:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-17 21:31 - 2014-07-17 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel 2014-07-17 21:27 - 2014-07-17 21:51 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\Documents\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software 2014-07-17 21:26 - 2014-08-06 11:07 - 00000000 ____D () C:\Program Files\Opera 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-17 21:25 - 2014-07-17 22:58 - 875606016 _____ (Acresso Software Inc. 
) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe 2014-07-17 21:25 - 2014-07-17 21:25 - 00000000 ____D () C:\Program Files\LPT 2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Smartbar 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\LPT 2014-07-17 21:22 - 2014-07-17 21:22 - 00000919 _____ () C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\Program Files\PC Speed Maximizer 2014-07-17 21:20 - 2014-07-17 21:21 - 00756224 _____ ( ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE.exe 2014-07-17 21:15 - 2014-07-17 21:17 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 2014-07-17 21:12 - 2014-07-17 21:14 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-10 22:08 - 2014-08-10 22:03 - 00037192 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-10 22:08 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST 2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 22:01 - 2010-08-29 23:01 - 00000000 ____D () C:\Users\Rainer 2014-08-10 22:00 - 2014-08-10 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-10 22:00 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-10 21:58 - 2008-02-24 09:46 - 01978074 _____ () C:\Windows\WindowsUpdate.log 2014-08-10 21:55 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job 2014-08-10 21:44 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini 2014-08-10 21:39 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-10 21:39 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-10 21:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-10 21:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-10 21:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-10 13:01 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-10 12:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-07 23:13 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype 2014-08-07 
22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-08-06 16:55 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype 2014-08-06 11:07 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera 2014-08-05 21:49 - 2008-01-21 04:47 - 00972448 _____ () C:\Windows\PFRO.log 2014-08-05 07:49 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-04 23:44 - 2014-04-28 22:25 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-04 23:42 - 2010-08-29 22:04 - 00082968 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-04 22:21 - 2011-11-20 21:37 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2014-08-04 22:21 - 2011-11-20 21:35 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT 2014-07-31 11:34 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype 2014-07-31 11:29 - 2014-05-07 23:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-30 15:24 - 2014-07-30 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:47 - 2014-07-26 11:46 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:45 - 2014-07-26 11:44 - 09557174 _____ () 
C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:44 - 2014-07-26 11:43 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:50 - 2011-12-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\Mcafee 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-23 09:39 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-23 09:39 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes 2014-07-23 09:38 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod 2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-23 08:59 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-07-21 21:11 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel 2014-07-20 22:34 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:21 - 2014-07-17 22:55 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Systweak 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 
00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software 2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-18 20:51 - 2014-07-18 20:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Systweak 2014-07-18 20:50 - 2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-18 06:01 - 2014-07-18 20:56 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys 2014-07-17 23:03 - 2014-07-17 23:02 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-17 23:02 - 2014-07-17 22:52 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel 2014-07-17 23:02 - 2010-08-29 22:27 - 00082968 _____ () C:\Users\Rainer-User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-17 22:58 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-17 22:58 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\SupTab 2014-07-17 22:58 - 2014-07-17 21:25 - 875606016 _____ (Acresso Software Inc. 
) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\sweet-page 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-17 21:51 - 2014-07-17 21:27 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5 2014-07-17 21:48 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-07-17 21:48 - 2009-06-09 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel 2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help 2014-07-17 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-17 21:38 - 2014-07-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\Documents\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () 
C:\Users\Public\Desktop\Opera.lnk 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-17 21:25 - 2014-07-17 21:25 - 00000000 ____D () C:\Program Files\LPT 2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Smartbar 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\LPT 2014-07-17 21:22 - 2014-07-17 21:22 - 00000919 _____ () C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\Program Files\PC Speed Maximizer 2014-07-17 21:21 - 2014-07-17 21:20 - 00756224 _____ ( ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE.exe 2014-07-17 21:17 - 2014-07-17 21:15 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 2014-07-17 21:14 - 2014-07-17 21:12 - 489408088 _____ (Acresso Software Inc. 
) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe 2014-07-17 17:33 - 2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype 2014-07-17 16:33 - 2014-07-20 13:23 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys 2014-07-16 17:49 - 2014-07-17 22:55 - 00018280 _____ () C:\Windows\system32\roboot.exe 2014-07-12 09:11 - 2012-04-04 21:24 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-12 09:11 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-11 16:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 16:42 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-11 16:35 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Some content of TEMP: ==================== C:\Users\Rainer\AppData\Local\temp\APNSetup.exe C:\Users\Rainer\AppData\Local\temp\AudibleDM_iTunesSetup(2).exe C:\Users\Rainer\AppData\Local\temp\g2bacafe.dll C:\Users\Rainer\AppData\Local\temp\h-dwhgph.dll C:\Users\Rainer\AppData\Local\temp\ivy7kdfr.dll C:\Users\Rainer\AppData\Local\temp\j6prhjk4.dll C:\Users\Rainer\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe C:\Users\Rainer\AppData\Local\temp\mebma8zd.dll C:\Users\Rainer\AppData\Local\temp\qivaiijj.dll C:\Users\Rainer\AppData\Local\temp\Quarantine.exe C:\Users\Rainer\AppData\Local\temp\ww_8aipr.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-10 21:46
==================== End Of Log ============================

Here is the Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Rainer at 2014-08-10 22:09:18
Running from C:\Users\Rainer\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version: - ) ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - ) Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browser Guard (HKLM\...\Browser Guard) (Version: - ) Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION Caminos neu A1 Vokabeltrainer (HKLM\...\de.klett.vokabeltrainer.caminosneua1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.1 - Ernst Klett Sprachen GmbH) Caminos neu A1 Vokabeltrainer (Version: 1.1 - Ernst Klett Sprachen GmbH) Hidden Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - 
Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.07.17.190627 - Deal Keeper) <==== ATTENTION
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
EG21 Vokabelkartei interaktiv 3 (HKLM\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular 12.3.2.6814k) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
F-Editor (HKLM\...\{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1) (Version: 1.03 - Technische Alternative)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon)
FOTOParadies (HKLM\...\{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1) (Version: 3.1.10.253 - Foto Online Service GmbH)
FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version: - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haufe iDesk-Browser (HKLM\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
International Karting - from Midas (HKLM\...\International Karting - from Midas) (Version: - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Klett Lernsoftware Mathematik - Lambacher Schweizer (2. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~B0BDFB6A_is1) (Version: - )
Klett Lernsoftware Mathematik - Lambacher Schweizer (4. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~F7563B51_is1) (Version: - )
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - )
LCN-PRO 3 (HKLM\...\{5037D595-CA93-4463-7F05-4416F53D0C7D}) (Version: - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
LPT System Updater Service (HKLM\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Manual CanoScan 5000,5000F,8000F (HKLM\...\{D9261CAB-3E1D-423C-9DD6-2001056DA292}) (Version: - )
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: - )
Meine Tierarztpraxis in Australien (Nur Entfernen) (HKLM\...\Meine Tierarztpraxis in Australien) (Version: - )
Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH)
metaCrawler (HKLM\...\metaCrawler) (Version: - metaCrawler) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version: - )
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon RAW Codec (HKLM\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.4.0 - Nikon)
Opera Stable 23.0.1522.72 (HKLM\...\Opera 23.0.1522.72) (Version: 23.0.1522.72 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Speed Maximizer v3.2 (HKLM\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
Presto! PageManager 6 (HKLM\...\{580183A6-FF92-11D5-9294-0050BA073EEC}) (Version: - )
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
RegUse (HKLM\...\RegUse) (Version: 1.0.3.2 - Honlyn (Macao Commercial Offshore) Limited)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeFinder Smartbar (HKLM\...\{877D0E59-6CBD-43C6-966F-1F4BA343AEEC}) (Version: 11.75.72.18057 - Linkury Ltd.) <==== ATTENTION
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: - )
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spielefieber Braingames für Vista (HKLM\...\Spielefieber Braingames für Vista) (Version: - KlickMedia)
Star Stable 4 (HKLM\...\{A8522694-A08C-4844-872B-F69A175EF59C}) (Version: 1.00.0000 - Stabenfeldt)
Star Wars Empire at War (HKLM\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steuer-Hilfesammlung 2010 (HKLM\...\{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
Steuer-Sparer 2012 (HKLM\...\{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH)
TFD128 1.00 (HKLM\...\TFD_Deploy_0) (Version: - )
TOSHIBA Accessibility (HKLM\...\InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}) (Version: 1.62.0.6C - TOSHIBA)
TOSHIBA Accessibility (Version: 1.62.0.6C - TOSHIBA) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Controls Driver (Version: 2.62.0.1C - TOSHIBA) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation) Hidden
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
Utility Common Driver (Version: 1.0.50.24C - TOSHIBA) Hidden
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.3.0 - Nikon)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VoiceTracer (HKLM\...\{54A13435-82CF-11D6-B859-C6D4DE0EF860}) (Version: 1.95 - )
Vokabelkartei interaktiv À plus! 2 (HKLM\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Vokabelkartei interaktiv À plus! 4 (HKLM\...\{4D230951-6E24-4588-8B8C-D78E06F10A1C}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Wildlife Park 2 Familien Edition (HKLM\...\{740B51D7-C903-4536-9530-B6304C937F51}) (Version: 2.00 - Deep Silver)
Wildlife Park 2 Horses (HKLM\...\{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}) (Version: 2.00 - Deep Silver)
Wildlife Park 3 v1.0 (HKLM\...\Wildlife Park 3_is1) (Version: - bitComposer Games)
WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
Winsol 2.00 (HKLM\...\Winsol_is1) (Version: 2.00 - Technische Alternative GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

15-07-2014 11:23:26 Windows Update
17-07-2014 21:00:29 RCP Do, Jul 17, 14 23:00
18-07-2014 18:59:13 Windows Update
22-07-2014 12:00:13 Windows Update
24-07-2014 11:49:41 Geplanter Prüfpunkt
29-07-2014 12:50:07 Windows Update
04-08-2014 21:38:05 Installed TOSHIBA Value Added Package
06-08-2014 06:53:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-04-27 14:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D494D4F-C171-4567-9A2B-EF54F35F50A4} - System32\Tasks\ASP => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {15B72F65-D23D-463C-A89C-D302BECADA67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1A27D10D-6B90-4FCB-B9AF-5C6501316B34} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {1AFDE751-66A1-420C-BAED-2F748CD6E04D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E19204-A4C0-4FE1-B046-07C8C569482F} - System32\Tasks\{14AD0C82-FB85-4C18-8A14-04D561BC579D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {34DF98C5-A9D6-47F6-8294-54CAA3D1CB3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39D70AAE-4BA4-4E66-8AEC-5ADF274EE5AE} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {57FB448F-C823-41DB-B91A-1C0586C1CDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {6669A209-B771-4A2B-B9C7-B8070FEE4E1A} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {73D58360-79E6-4978-83D3-4FF2663087E5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {81D6AAFD-88F3-4289-B3AA-74297386338D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Conny => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {9B8B1DD8-E318-48DB-BE03-A5E343B59A6B} - System32\Tasks\{FFCD702D-C383-483E-9222-78453479684B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {BBCEF35F-709C-41BA-8461-A10BF63007AF} - System32\Tasks\{28CC4EDD-F8B3-4A32-AE6A-97AA732C005D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {C27DC93F-4B21-45E0-BDB8-C711D34B55C8} - System32\Tasks\Opera scheduled Autoupdate 1405625202 => C:\Program Files\Opera\launcher.exe [2014-08-05] (Opera Software)
Task: {D21B4A59-B972-4028-9D35-A15048FBBD99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F851638C-3015-4550-B49A-5F3C8A042324} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FA228AC1-CD41-427F-BE9E-59DBF4D1E3D2} - System32\Tasks\{443024A5-EF36-4634-ADDC-CA05EF656195} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-02-24 09:49 - 2009-04-21 23:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00033560 _____ () C:\Program Files\LPT\srpts.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00043288 _____ () C:\Program Files\LPT\srptc.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00018200 _____ () C:\Program Files\LPT\Smartbar.Common.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00037656 _____ () C:\Program Files\LPT\srptsl.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00066840 _____ () C:\Program Files\LPT\srut.dll
2009-04-24 12:39 - 2009-04-24 12:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2014-07-17 21:06 - 2014-08-10 09:23 - 00323320 _____ () C:\Program Files\Deal Keeper\updateDealKeeper.exe
2014-07-18 20:54 - 2014-08-10 09:22 - 00323320 _____ () C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
1997-09-04 00:00 - 1997-09-04 00:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2008-02-24 09:50 - 2008-02-24 09:50 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 11:41 - 2009-01-30 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-02-24 09:50 - 2008-02-24 09:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-09 17:38 - 2014-08-10 11:23 - 00239352 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
2014-07-18 20:56 - 2014-08-10 20:23 - 00096504 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00047384 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00070936 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srau.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00166680 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 02344216 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00067864 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\spbl.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00158488 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00015128 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\siem.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00067864 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sppsm.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00697624 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00015640 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00079640 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00027928 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00066840 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srut.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00030488 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srsbs.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00066328 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00150808 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smti.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00032024 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srom.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00031512 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smtu.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00040216 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smta.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00062744 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smsp.dll
2014-07-17 21:24 - 2014-07-17 21:24 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00046872 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srbu.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00024856 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sgml.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00062744 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00025880 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srpdm.dll
2014-06-25 16:26 - 2014-06-25 16:26 - 00044312 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-06-25 16:18 - 2014-06-25 16:18 - 00025880 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00036120 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00193816 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00256280 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srns.dll
2014-07-30 15:23 - 2014-07-30 15:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-18 20:56 - 2014-08-10 20:23 - 00195320 _____ () C:\Program Files\Deal Keeper\bin\DealKeeperBAApp.dll
2014-07-12 09:11 - 2014-07-12 09:11 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00023832 _____ () C:\Program Files\LPT\srptm.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00081688 _____ () C:\Program Files\LPT\srpt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: HRService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SXDS10 => 3 MSCONFIG\Services: TuneUp.UtilitiesSvc => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupreg: cfFncEnabler.exe => "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe" MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2014 09:54:26 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7 Error: (08/10/2014 09:50:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, fehlerhaftes Modul FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, Ausnahmecode 0x40000015, Fehleroffset 0x00017670, Prozess-ID 0x1834, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_145.exe0. 
Error: (08/10/2014 09:48:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (08/10/2014 09:48:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (08/10/2014 09:46:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, fehlerhaftes Modul FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, Ausnahmecode 0x40000015, Fehleroffset 0x00017670, Prozess-ID 0x101c, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_145.exe0. Error: (08/10/2014 09:38:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung MSOFFICE.EXE, Version 8.0.0.3512, Zeitstempel 0x3287ddb4, fehlerhaftes Modul MSOFFICE.EXE, Version 8.0.0.3512, Zeitstempel 0x3287ddb4, Ausnahmecode 0xc0000005, Fehleroffset 0x0000acfd, Prozess-ID 0x1280, Anwendungsstartzeit MSOFFICE.EXE0. 
Error: (08/10/2014 09:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/10/2014 00:28:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/10/2014 09:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/09/2014 05:37:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/10/2014 09:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: McAfee Platform Services%%1053 Error: (08/10/2014 09:57:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000McAfee Platform Services Error: (08/10/2014 09:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: McAfee Platform Services%%1053 Error: (08/10/2014 09:57:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000McAfee Platform Services Error: (08/10/2014 09:57:14 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7} Error: (08/10/2014 09:56:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} Error: (08/10/2014 09:50:16 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error: (08/10/2014 09:39:22 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2} Error: (08/10/2014 09:38:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (08/10/2014 09:36:31 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT) Description: 2147942402 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-10 21:49:12.322 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-10 21:49:11.229 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-10 21:49:10.128 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-10 21:49:08.643 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-10 21:49:06.628 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-10 21:49:05.779 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-08-10 21:49:04.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-10 21:49:04.343 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-07 15:11:49.325 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-07 15:11:48.698 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 68% Total physical RAM: 3035.93 MB Available physical RAM: 969 MB Total Pagefile: 6276.09 MB Available Pagefile: 3900.92 MB Total Virtual: 2047.88 MB Available Virtual: 1914.65 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:19.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:108.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: 7878FC96) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-10 22:52:03 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01 372.61GB Running: Gmer-19357.exe; Driver: C:\Users\Rainer\AppData\Local\Temp\kxliqpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x84B50480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x84B91900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A09000, 0x263970, 0xE8000020] .reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x91011B80, 0x37FC7, 0xE0000060] .reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0xA10A4000, 0x459C1, 0xE0000060] .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA111169D] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1312] kernel32.dll!LoadLibraryW 75F694F8 5 Bytes JMP 6354B470 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll .text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1312] kernel32.dll!LoadLibraryA 75F69674 5 Bytes JMP 6354B370 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp {55dce8ba-9dec-4013-937e-adbf9317d990}t.sys AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys AttachedDevice \Driver\tdx \Device\Udp {55dce8ba-9dec-4013-937e-adbf9317d990}t.sys AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x40 0x52 0xCB 0x8F ... 
---- EOF - GMER 2.1 ---- The unwanted redirect is still active... Best regards and many thanks, Rainer Last edited by Romanos (10.08.2014 at 22:18) |
10.08.2014, 23:34 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I ask because of => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now just post the logs you already have, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ |
12.08.2014, 21:14 | #3 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus,
no, I haven't run any others... Best regards, Romanos |
12.08.2014, 22:15 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
15.08.2014, 20:33 | #5 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus, ok, Step 1: adwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 27/10/2013 um 21:31:26 # Updated 20/10/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Rainer - RAINER-PC # Gestartet von : C:\Users\Rainer-User\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : vToolbarUpdater17.0.12 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\ParetoLogic Ordner Gelöscht : C:\Program Files\ParetoLogic Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic Ordner Gelöscht : C:\Users\Rainer\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\DriverCure Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\ParetoLogic Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Rainer-User\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} Ordner Gelöscht : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} [!] 
Ordner Gelöscht : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\pqwcenxs.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} Ordner Gelöscht : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\5mq7bxlg.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM Datei Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\searchplugins\bingp.xml Datei Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\searchplugins\bingp.xml Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.19475 -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\prefs.js ] [ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\prefs.js ] [ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\prefs.js ] [ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\pqwcenxs.default\prefs.js ] Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...] 
[ Datei : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\5mq7bxlg.default\prefs.js ] [ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [102604 octets] - [07/10/2013 22:17:36] AdwCleaner[R1].txt - [3755 octets] - [27/10/2013 21:15:21] AdwCleaner[S0].txt - [95082 octets] - [07/10/2013 22:21:25] AdwCleaner[S1].txt - [3702 octets] - [27/10/2013 21:31:26] ########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [3762 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.305 - Bericht erstellt am 15/08/2014 um 21:16:19 # Aktualisiert 14/08/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Rainer - RAINER-PC # Gestartet von : C:\Users\Rainer\Downloads\adwcleaner_3.305.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : LPTSystemUpdater [#] Dienst Gelöscht : Update Deal Keeper [#] Dienst Gelöscht : Util Deal Keeper [#] Dienst Gelöscht : {55dce8ba-9dec-4013-937e-adbf9317d990}Gt [#] Dienst Gelöscht : {55dce8ba-9dec-4013-937e-adbf9317d990}t ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\FileCure Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer Ordner Gelöscht : C:\Program Files\LPT Ordner Gelöscht : C:\Program Files\PC Speed Maximizer Ordner Gelöscht : C:\Program Files\SupTab [!] 
Ordner Gelöscht : C:\Program Files\Deal Keeper Ordner Gelöscht : C:\Users\Conny\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Conny\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Felix\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Marie-Sophie\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Rainer\AppData\Local\LPT Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Smartbar Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Temp\Smartbar Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Temp\Deal Keeper Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\sweet-page Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Rainer\Documents\PC Speed Maximizer Ordner Gelöscht : C:\Users\Rainer-User\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\faststartff@gmail.com Datei Gelöscht : C:\Windows\system32\roboot.exe Datei Gelöscht : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys Datei Gelöscht : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys Datei Gelöscht : C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk Datei Gelöscht : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\gpptex8c.default-1399582062237\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\1kgaslal.default-1399581076297\searchplugins\ask-search.xml Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml Datei Gelöscht : 
C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\user.js ***** [ Tasks ] ***** Task Gelöscht : ASP ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\Deal Keeper Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\pc speed maximizer Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\smartbarbackup Schlüssel Gelöscht : HKCU\Software\smartbarlog Schlüssel Gelöscht : HKCU\Software\systweak 
Schlüssel Gelöscht : HKLM\Software\Deal Keeper Schlüssel Gelöscht : HKLM\Software\SupDp Schlüssel Gelöscht : HKLM\Software\SupTab Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.19553 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : 
C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\tnayw4n9.default-1384290331207\prefs.js ] [ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\prefs.js ] [ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js ] [ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\prefs.js ] [ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\gpptex8c.default-1399582062237\prefs.js ] [ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\tg3604ts.default-1384291631991\prefs.js ] [ Datei : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\5mq7bxlg.default\prefs.js ] [ Datei : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js ] [ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultenginename", "sweet-page"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "sweet-page"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT"); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false); Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1405625155"); Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1405583345256"); [ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\1kgaslal.default-1399581076297\prefs.js ] [ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\65usia27.default-1384288767431\prefs.js ] [ Datei : 
C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\pqwcenxs.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [109349 octets] - [07/10/2013 23:17:36] AdwCleaner[R1].txt - [16569 octets] - [27/10/2013 22:15:21] AdwCleaner[S0].txt - [101709 octets] - [07/10/2013 23:21:25] AdwCleaner[S1].txt - [15335 octets] - [27/10/2013 22:31:26] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15396 octets] ########## Then step 2: JRT - Junkware Removal Tool Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista (TM) Home Premium x86 Ran by Rainer on 15.08.2014 at 21:40:31.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Rainer\AppData\Roaming\mozilla\firefox\profiles\yztin5xb.default\minidumps [7 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15.08.2014 at 21:48:26.54 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014 Ran by Rainer (administrator) on RAINER-PC on 15-08-2014 21:52:07 Running from C:\Users\Rainer\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (McAfee, Inc.) 
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Farbar) C:\Users\Rainer\Downloads\FRST(2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0 HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: haufereader - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default FF NewTab: chrome://quick_start/content/index.html FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx [] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15] CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service 
will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) 
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion) R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation) S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software) S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) 
[File not signed] S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.) 
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider) S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X] S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-15 21:51 - 2014-08-15 21:51 - 01092096 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(2).exe 2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt 2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe 2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe 2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-15 21:36 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-15 21:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-15 21:34 - 2014-08-15 21:36 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-15 21:31 - 2014-08-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe 2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml 2014-08-15 09:29 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-15 09:29 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-15 09:29 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-15 09:29 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 09:07 - 2014-07-24 23:33 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 
2014-08-14 09:07 - 2014-07-24 23:33 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-14 09:07 - 2014-07-24 23:33 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 
00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-08-14 09:07 - 2014-07-24 21:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-14 09:07 - 2014-07-24 21:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-14 09:07 - 2014-07-24 21:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-14 09:07 - 2014-07-24 21:48 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-14 09:07 - 2014-07-24 21:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-14 09:07 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-14 09:07 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-14 09:07 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-14 09:07 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-14 09:07 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-14 09:07 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-14 09:07 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-14 09:07 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-14 09:06 - 2014-07-25 06:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-14 09:06 - 2014-07-25 04:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt 2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe 
2014-08-10 22:09 - 2014-08-10 22:12 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt 2014-08-10 22:03 - 2014-08-15 21:52 - 00021409 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-23 09:38 - 2014-08-15 21:09 - 00000000 ____D () C:\Program 
Files\iTunes 2014-07-23 09:38 - 2014-08-15 21:08 - 00000000 ____D () C:\Program Files\iPod 2014-07-23 09:38 - 2014-08-15 21:04 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software 2014-07-17 23:03 - 2014-07-21 00:27 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel 2014-07-17 23:02 - 2014-07-17 23:03 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-17 22:57 - 2014-08-15 21:16 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-07-17 22:52 - 2014-07-17 23:02 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel 2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help 2014-07-17 21:42 - 2014-07-17 21:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-17 21:31 - 2014-07-17 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel 2014-07-17 
21:27 - 2014-07-17 21:51 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software 2014-07-17 21:26 - 2014-08-12 11:40 - 00000000 ____D () C:\Program Files\Opera 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-17 21:25 - 2014-07-17 22:58 - 875606016 _____ (Acresso Software Inc. ) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe 2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk 2014-07-17 21:15 - 2014-07-17 21:17 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 2014-07-17 21:12 - 2014-07-17 21:14 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-15 21:53 - 2014-08-10 22:03 - 00021409 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-15 21:52 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST 2014-08-15 21:51 - 2014-08-15 21:51 - 01092096 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(2).exe 2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt 2014-08-15 21:43 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe 2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe 2014-08-15 21:38 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-15 21:36 - 2014-08-15 21:34 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-15 21:36 - 2009-06-09 11:10 - 00000000 ____D () C:\Program Files\Java 2014-08-15 21:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-15 21:31 - 2014-08-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-15 21:31 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-08-15 21:30 - 2012-04-04 21:24 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-15 21:30 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-15 21:29 - 2008-02-24 09:46 - 01229829 _____ () C:\Windows\WindowsUpdate.log 2014-08-15 21:26 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job 2014-08-15 21:24 - 2008-01-21 04:47 - 00973488 _____ () C:\Windows\PFRO.log 2014-08-15 21:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-15 21:24 - 
2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-15 21:24 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-15 21:24 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-15 21:23 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-15 21:22 - 2013-10-07 23:17 - 00000000 ____D () C:\AdwCleaner 2014-08-15 21:17 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini 2014-08-15 21:16 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe 2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-15 21:09 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes 2014-08-15 21:08 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod 2014-08-15 21:04 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-08-15 15:44 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-15 10:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-08-15 10:27 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-15 10:18 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml 2014-08-15 10:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-15 09:34 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-15 09:34 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-08-13 18:39 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype 2014-08-12 12:37 - 
2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype 2014-08-12 11:40 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera 2014-08-12 11:37 - 2010-09-01 12:44 - 00082968 _____ () C:\Users\Marie-Sophie\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt 2014-08-10 22:22 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype 2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe 2014-08-10 22:12 - 2014-08-10 22:09 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt 2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 22:01 - 2010-08-29 23:01 - 00000000 ____D () C:\Users\Rainer 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-08-04 23:44 - 2014-04-28 22:25 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-04 23:42 - 2010-08-29 22:04 - 00082968 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-04 22:21 - 2011-11-20 21:37 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2014-08-04 22:21 - 2011-11-20 21:35 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT 2014-07-31 11:34 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype 2014-07-31 11:29 - 2014-05-07 23:06 - 00000000 ____D () C:\Program 
Files\Mozilla Maintenance Service 2014-07-30 15:24 - 2014-07-30 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:47 - 2014-07-26 11:46 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:45 - 2014-07-26 11:44 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:44 - 2014-07-26 11:43 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:50 - 2011-12-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\Mcafee 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-25 12:55 - 2014-08-15 21:36 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-25 12:49 - 2014-08-15 21:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-25 12:49 - 2014-08-15 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-25 12:49 - 2014-08-15 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-25 06:26 - 2014-08-14 09:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-07-25 04:53 - 2014-08-14 09:06 - 02054656 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2014-07-24 23:33 - 2014-08-14 09:07 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-24 23:33 - 2014-08-14 09:07 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 
2014-07-24 23:33 - 2014-08-14 09:07 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-24 23:33 - 2014-08-14 09:07 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-07-24 21:56 - 2014-08-14 09:07 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-07-24 21:49 - 2014-08-14 09:07 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-24 21:49 - 2014-08-14 09:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-24 21:48 - 2014-08-14 09:07 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-24 21:48 - 2014-08-14 09:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software 2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-17 23:03 - 2014-07-17 23:02 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-17 23:02 - 2014-07-17 22:52 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel 2014-07-17 23:02 - 2010-08-29 22:27 - 00082968 _____ () 
C:\Users\Rainer-User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-17 22:58 - 2014-07-17 21:25 - 875606016 _____ (Acresso Software Inc. ) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe 2014-07-17 21:51 - 2014-07-17 21:27 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5 2014-07-17 21:48 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-07-17 21:48 - 2009-06-09 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel 2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help 2014-07-17 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-17 21:38 - 2014-07-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk 2014-07-17 21:17 - 2014-07-17 21:15 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 2014-07-17 21:14 - 2014-07-17 21:12 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe Some content of TEMP: ==================== C:\Users\Rainer\AppData\Local\temp\APNSetup.exe C:\Users\Rainer\AppData\Local\temp\AudibleDM_iTunesSetup(2).exe C:\Users\Rainer\AppData\Local\temp\g2bacafe.dll C:\Users\Rainer\AppData\Local\temp\h-dwhgph.dll C:\Users\Rainer\AppData\Local\temp\ivy7kdfr.dll C:\Users\Rainer\AppData\Local\temp\j6prhjk4.dll C:\Users\Rainer\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe C:\Users\Rainer\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe C:\Users\Rainer\AppData\Local\temp\mebma8zd.dll C:\Users\Rainer\AppData\Local\temp\qivaiijj.dll C:\Users\Rainer\AppData\Local\temp\Quarantine.exe C:\Users\Rainer\AppData\Local\temp\ww_8aipr.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-15 21:32 ==================== End Of Log ============================ --- --- ---
Is everything clean now? Regards, and many heartfelt thanks for your help, Rainer Edited by Romanos (15.08.2014 at 20:56) |
15.08.2014, 23:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.
17.08.2014, 21:02 | #7 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus, note: over the last few days I defragmented my hard drives, and afterwards Malwarebytes said it had discovered new things that could be improved (:-)). Result: Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> - <logs> <record severity="debug" LoggingEventType="1" datetime="2014-08-17T13:22:37.763374+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.15.1" last_modified_tag="6196fa69-2411-45fe-9080-eba453578fd4" name="Rootkit Database" toVersion="2014.8.16.1" /> <record severity="debug" LoggingEventType="1" datetime="2014-08-17T13:22:40.584374+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.16.6" last_modified_tag="84ae2a20-2e01-4a61-8d99-e0f0eb0bd4d2" name="Malware Database" toVersion="2014.8.17.1" /> <record severity="debug" LoggingEventType="1" datetime="2014-08-17T15:53:24.575879+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.17.1" last_modified_tag="63e012a4-e4b9-4ba0-b27b-0448371e746f" name="Malware Database" toVersion="2014.8.17.3" /> <record severity="debug" LoggingEventType="1" datetime="2014-08-17T20:57:56.406355+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.17.3" last_modified_tag="299d3c46-df9e-4656-abc5-fa1345b72398" name="Malware Database" toVersion="2014.8.17.5" /> </logs> Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03 Ran by Rainer at 2014-08-17 22:05:49 Running from c:\Users\Rainer\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version: - ) ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - ) Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browser Guard (HKLM\...\Browser Guard) (Version: - ) Caminos neu A1 Vokabeltrainer (HKLM\...\de.klett.vokabeltrainer.caminosneua1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.1 - Ernst Klett Sprachen GmbH) Caminos neu A1 Vokabeltrainer (Version: 1.1 - Ernst Klett Sprachen GmbH) Hidden Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - 
Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 
Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts) dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG) Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - ) EG21 Vokabelkartei interaktiv 3 (HKLM\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) ElsterFormular-Upgrade (HKLM\...\ElsterFormular 12.3.2.6814k) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen) F-Editor (HKLM\...\{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1) (Version: 1.03 - Technische Alternative) File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon) FOTOParadies (HKLM\...\{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1) (Version: 3.1.10.253 - Foto Online Service GmbH) FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH) Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version: - ) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Haufe iDesk-Browser (HKLM\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. 
KG) Haufe iDesk-Service (HKLM\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - ) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) International Karting - from Midas (HKLM\...\International Karting - from Midas) (Version: - ) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.) Klett Lernsoftware Mathematik - Lambacher Schweizer (2. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~B0BDFB6A_is1) (Version: - ) Klett Lernsoftware Mathematik - Lambacher Schweizer (4. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~F7563B51_is1) (Version: - ) LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - ) LCN-PRO 3 (HKLM\...\{5037D595-CA93-4463-7F05-4416F53D0C7D}) (Version: - ) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. 
Interactive Entertainment) Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Manual CanoScan 5000,5000F,8000F (HKLM\...\{D9261CAB-3E1D-423C-9DD6-2001056DA292}) (Version: - ) McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: - ) Meine Tierarztpraxis in Australien (Nur Entfernen) (HKLM\...\Meine Tierarztpraxis in Australien) (Version: - ) Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH) metaCrawler (HKLM\...\metaCrawler) (Version: - metaCrawler) <==== ATTENTION Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version: - ) Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - ) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook) Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon RAW Codec (HKLM\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon) Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.4.0 - Nikon) Opera Stable 23.0.1522.75 (HKLM\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA) Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - ) Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon) PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation) Presto! PageManager 6 (HKLM\...\{580183A6-FF92-11D5-9294-0050BA073EEC}) (Version: - ) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - ) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.) Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.) Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek) RegUse (HKLM\...\RegUse) (Version: 1.0.3.2 - Honlyn (Macao Commercial Offshore) Limited) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) SafeFinder Smartbar (HKLM\...\{877D0E59-6CBD-43C6-966F-1F4BA343AEEC}) (Version: 11.75.72.18057 - Linkury Ltd.) <==== ATTENTION SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: - ) Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden Skins (Version: 2009.0421.2132.36832 - ATI) Hidden Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spielefieber Braingames für Vista (HKLM\...\Spielefieber Braingames für Vista) (Version: - KlickMedia) Star Stable 4 (HKLM\...\{A8522694-A08C-4844-872B-F69A175EF59C}) (Version: 1.00.0000 - Stabenfeldt) Star Wars Empire at War (HKLM\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts) Star Wars Empire at War Forces of Corruption (HKLM\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts) Steuer-Hilfesammlung 2010 (HKLM\...\{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG) Steuer-Sparer 2012 (HKLM\...\{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH) Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH) Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios) Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios) sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated) TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH) TFD128 1.00 (HKLM\...\TFD_Deploy_0) (Version: - ) TOSHIBA Accessibility (HKLM\...\InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}) (Version: 1.62.0.6C - TOSHIBA) TOSHIBA Accessibility (Version: 1.62.0.6C - TOSHIBA) Hidden TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA) TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA) TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation) TOSHIBA Controls Driver 
(Version: 2.62.0.1C - TOSHIBA) Hidden TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation) Hidden TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation) Hidden Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA) TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA) TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA) Hidden TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA) TOSHIBA Service 
Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA) TOSHIBA Supervisor Password (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION) TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation) TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA) TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software) TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - ) Utility Common Driver (Version: 1.0.50.24C - TOSHIBA) Hidden ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.3.0 - Nikon) Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden VoiceTracer (HKLM\...\{54A13435-82CF-11D6-B859-C6D4DE0EF860}) (Version: 1.95 - ) Vokabelkartei interaktiv À plus! 
2 (HKLM\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Vokabelkartei interaktiv À plus! 4 (HKLM\...\{4D230951-6E24-4588-8B8C-D78E06F10A1C}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Wildlife Park 2 Familien Edition (HKLM\...\{740B51D7-C903-4536-9530-B6304C937F51}) (Version: 2.00 - Deep Silver) Wildlife Park 2 Horses (HKLM\...\{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}) (Version: 2.00 - Deep Silver) Wildlife Park 3 v1.0 (HKLM\...\Wildlife Park 3_is1) (Version: - bitComposer Games) WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent) Winsol 2.00 (HKLM\...\Winsol_is1) (Version: 2.00 - Technische Alternative GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2014-04-27 14:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {15B72F65-D23D-463C-A89C-D302BECADA67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.) Task: {1AFDE751-66A1-420C-BAED-2F748CD6E04D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.) 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {23E19204-A4C0-4FE1-B046-07C8C569482F} - System32\Tasks\{14AD0C82-FB85-4C18-8A14-04D561BC579D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar Task: {2E4B6627-FA39-47F7-986F-BC68B44C2A1A} - System32\Tasks\Opera scheduled Autoupdate 1405625202 => C:\Program Files\Opera\launcher.exe [2014-08-08] (Opera Software) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {34DF98C5-A9D6-47F6-8294-54CAA3D1CB3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {39D70AAE-4BA4-4E66-8AEC-5ADF274EE5AE} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {57FB448F-C823-41DB-B91A-1C0586C1CDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated) Task: {6669A209-B771-4A2B-B9C7-B8070FEE4E1A} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. 
KG) Task: {73D58360-79E6-4978-83D3-4FF2663087E5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {81D6AAFD-88F3-4289-B3AA-74297386338D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Conny => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {9B8B1DD8-E318-48DB-BE03-A5E343B59A6B} - System32\Tasks\{FFCD702D-C383-483E-9222-78453479684B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {BBCEF35F-709C-41BA-8461-A10BF63007AF} - System32\Tasks\{28CC4EDD-F8B3-4A32-AE6A-97AA732C005D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar Task: {D21B4A59-B972-4028-9D35-A15048FBBD99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F851638C-3015-4550-B49A-5F3C8A042324} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {FA228AC1-CD41-427F-BE9E-59DBF4D1E3D2} - System32\Tasks\{443024A5-EF36-4634-ADDC-CA05EF656195} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-24 12:39 - 2009-04-24 12:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2008-02-24 09:49 - 2009-04-21 23:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
1997-09-04 00:00 - 1997-09-04 00:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2008-02-24 09:50 - 2008-02-24 09:50 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 11:41 - 2009-01-30 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-02-24 09:50 - 2008-02-24 09:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-30 15:23 - 2014-07-30 15:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HRService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SXDS10 => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: cfFncEnabler.exe => "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 09:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 08:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618, Prozess-ID 0x16f8, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618, Prozess-ID 0x530, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618, Prozess-ID 0x12d8, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618, Prozess-ID 0x14dc, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618, Prozess-ID 0x150c, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:19:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 02:47:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CONNY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (08/17/2014 02:47:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CONNY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (08/17/2014 02:47:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CONNY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (08/17/2014 09:52:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2014 09:52:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WindowsMangerProtect Service%%3

Error: (08/17/2014 09:50:46 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (08/17/2014 08:23:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (08/17/2014 08:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2014 08:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WindowsMangerProtect Service%%3

Error: (08/17/2014 08:18:03 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (08/17/2014 08:17:56 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (08/17/2014 02:42:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2014 02:42:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WindowsMangerProtect Service%%3

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-17 13:30:05.967
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:30:04.686
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:30:03.357
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:30:01.957
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:30:00.095
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:29:58.693
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:29:57.353
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-17 13:29:56.004
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-16 13:40:23.962
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-16 13:40:23.294
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 46%
Total physical RAM: 3035.93 MB
Available physical RAM: 1637.64 MB
Total Pagefile: 6276.09 MB
Available Pagefile: 4859.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.64 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:37.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:108.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by Rainer (administrator) on RAINER-PC on 17-08-2014 22:04:08
Running from c:\Users\Rainer\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: haufereader - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default FF NewTab: chrome://quick_start/content/index.html FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17] FF Extension: Ghostery - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\firefox@ghostery.com.xpi [2014-08-15] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx [] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15] CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx 
[2011-12-15] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) 
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion) R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation) S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software) S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) 
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed] S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-17] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.) 
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider) S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X] S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-17 22:03 - 2014-08-17 22:03 - 00000000 ____D () C:\Users\Rainer\Downloads\FRST-OlderVersion 2014-08-17 21:56 - 2014-08-17 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-15 23:20 - 2014-08-15 23:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt 2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe 2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe 2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-15 21:36 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-15 21:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-15 21:34 - 2014-08-15 21:36 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe 2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml 2014-08-15 09:29 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-15 09:29 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-15 09:29 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-15 09:29 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 09:07 - 
2014-07-24 23:33 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-14 09:07 - 2014-07-24 23:33 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00043520 _____ 
(Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-14 09:07 - 2014-07-24 23:33 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-08-14 09:07 - 2014-07-24 21:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-14 09:07 - 2014-07-24 21:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-14 09:07 - 2014-07-24 21:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-14 09:07 - 2014-07-24 21:48 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-14 09:07 - 2014-07-24 21:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-14 09:07 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-14 09:07 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-14 09:07 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-14 09:07 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-14 09:07 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-14 09:07 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-14 09:07 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-14 09:07 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-14 09:06 - 2014-07-25 06:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-14 09:06 - 2014-07-25 04:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt 
2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe 2014-08-10 22:09 - 2014-08-10 22:12 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt 2014-08-10 22:03 - 2014-08-17 22:04 - 00021391 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-23 09:38 - 2014-08-15 21:09 - 00000000 ____D () C:\Program 
Files\iTunes 2014-07-23 09:38 - 2014-08-15 21:08 - 00000000 ____D () C:\Program Files\iPod 2014-07-23 09:38 - 2014-08-15 21:04 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-17 22:04 - 2014-08-10 22:03 - 00021391 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-17 22:04 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST 2014-08-17 22:03 - 2014-08-17 22:03 - 00000000 ____D () C:\Users\Rainer\Downloads\FRST-OlderVersion 2014-08-17 22:03 - 2014-04-29 00:09 - 01093632 _____ (Farbar) C:\Users\Rainer\Downloads\FRST.exe 2014-08-17 21:56 - 2014-08-17 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-17 21:56 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-17 21:56 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-08-17 21:54 - 2008-02-24 09:46 - 01277335 _____ () C:\Windows\WindowsUpdate.log 2014-08-17 21:51 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job 2014-08-17 21:50 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-17 21:50 - 2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-17 21:50 - 2006-11-02 14:47 - 00003616 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-17 21:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-17 20:58 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-17 20:38 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-17 20:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-17 20:21 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype 2014-08-17 20:20 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-17 14:46 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype 2014-08-17 13:07 - 2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype 2014-08-17 13:04 - 2008-01-21 04:47 - 00974680 _____ () C:\Windows\PFRO.log 2014-08-16 00:36 - 2011-09-25 08:05 - 00000000 ____D () C:\Windows\Minidump 2014-08-15 23:20 - 2014-08-15 23:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-15 23:20 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype 2014-08-15 23:20 - 2010-11-14 21:59 - 00000000 ____D () C:\ProgramData\Skype 2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt 2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe 2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe 2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-15 21:36 - 2014-08-15 21:34 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-15 21:36 - 2009-06-09 11:10 - 00000000 ____D () C:\Program Files\Java 2014-08-15 21:30 - 2012-04-04 21:24 - 00699568 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerApp.exe 2014-08-15 21:30 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-15 21:22 - 2013-10-07 23:17 - 00000000 ____D () C:\AdwCleaner 2014-08-15 21:17 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini 2014-08-15 21:16 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe 2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-15 21:09 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes 2014-08-15 21:08 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod 2014-08-15 21:04 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-08-15 10:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-08-15 10:27 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-15 10:18 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml 2014-08-15 10:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-15 09:54 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-15 09:34 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-08-12 11:40 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera 2014-08-12 11:37 - 2010-09-01 12:44 - 00082968 _____ () C:\Users\Marie-Sophie\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt 2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe 2014-08-10 22:12 - 2014-08-10 22:09 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt 2014-08-10 22:01 - 2014-08-10 
2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software
2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 21:56

==================== End Of Log ============================

Is the computer clean now? One more thing I noticed: MALWAREBYTE saved its file as an XML document; when I opened it, WIN-EXPLORER opened and showed me a warning that a foreign program had changed the startup settings and that EXPLORER had prevented this. Best regards and many thanks for your help. Rainer Last edited by Romanos (17.08.2014 at 21:19) |
17.08.2014, 21:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download Defrag has absolutely nothing to do with malware detection. I am still waiting for the new Addition.txt log.
__________________ Please always post log files in CODE tags |
17.08.2014, 21:29 | #9 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus, but I did add that as the second file in my last reply. Was that the wrong thing? Regards, Rainer |
17.08.2014, 21:46 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]
C:\Program Files\Browser Guard
C:\Program Files\HomeTab

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
17.08.2014, 23:03 | #11 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus, ... ok: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by Rainer at 2014-08-18 00:01:09 Run:2
Running from c:\Users\Rainer\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]
C:\Program Files\Browser Guard
C:\Program Files\HomeTab
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bddpogknpjlgfpbboediomaiiaecfajn" => Key deleted successfully.
"C:\Program Files\HomeTab\chrome\HomeTab.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin" => Key deleted successfully.
"C:\Program Files\Browser Guard\browserguard.crx" => File/Directory not found.
"C:\Program Files\Browser Guard" => File/Directory not found.
"C:\Program Files\HomeTab" => File/Directory not found.

==== End of Fixlog ====

Rainer |
17.08.2014, 23:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
18.08.2014, 21:56 | #13 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus, here is mbam.txt: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.08.2014
Suchlauf-Zeit: 21:39:23
Logdatei:
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.08.18.09
Rootkit Datenbank: v2014.08.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Rainer-User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350521
Verstrichene Zeit: 13 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\Deal Keeper, Löschen bei Neustart, [32df33959edd64d270b78364bc4645bb],

Registrierungswerte: 1
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381094394899&tguid=66920-6787-1381094394899-AF07B6AD22DF51CE02B3D1B428BA0F24&q=%s, Löschen bei Neustart, [fa17e9df5526290d1bc8ac41956d9070]

Registrierungsdaten: 1
PUP.Optional.SafeFinder.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}),Löschen bei Neustart,[c34e3a8e0d6e74c2346412b826deb34d]

Ordner: 0
(No malicious items detected)

Dateien: 12
PUP.Optional.SmartBar, C:\Windows\Installer\16f349.msi, Löschen bei Neustart, [29e8c3050d6eb284b78fd8569769e020],
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\searchplugins\SafeFinder Search.xml, Löschen bei Neustart, [6da4c008eb90d660ebc9e3fdbd45f60a],
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\searchplugins\SafeFinder Search.xml, Löschen bei Neustart, [db36fbcd9fdcfe3872423fa12fd3f709],
PUP.Optional.HomeTab.A, c:\Windows\System32\Tasks\browser updater, Löschen bei Neustart, [57ba7b4d700b270f1f7df4f825dd3fc1],
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhEp2_hNugXObfirxBr1d1ge_nnAo8Ty_j-HcUT5JZxni7GS4_nN1zieGv6JVnk7VIeMgR0q-P9z7IVfnnt0Og,,");), Entfernung fehlgeschlagen,[2be606c28eedea4cb2db27de34d1b34d]
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhcoVNGd0ftxUi4j2AO7hJN0DRWRoBFUjrMFw8_5xjaFphdr5FJozVxiSsrQeLB0bIa91kp5kNR7umA_W843vg,,");), Entfernung fehlgeschlagen,[63aee9dfe29980b6018d52b380856799]
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=");), Entfernung fehlgeschlagen,[947d1dabd4a7082eccc38e77b055ab55]
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhEp2_hNugXObfirxBr1d1ge_nnAo8Ty_j-HcUT5JZxni7GS4_nN1zieGv6JVnk7VIeMgR0q-P9z7IVfnnt0Og,,");), Entfernung fehlgeschlagen,[5eb380486e0d2c0ad7b60afbde278f71]
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhcoVNGd0ftxUi4j2AO7hJN0DRWRoBFUjrMFw8_5xjaFphdr5FJozVxiSsrQeLB0bIa91kp5kNR7umA_W843vg,,");), Entfernung fehlgeschlagen,[ec258741463542f43c523fc6d92c0af6]
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=");), Entfernung fehlgeschlagen,[0b06d7f17506fb3b5f3048bd4eb7a65a]
PUP.Optional.SafeFinder.A, C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=");), Entfernung fehlgeschlagen,[918014b48bf09a9c652a759029dc4bb5]
PUP.Optional.QuickStart.A, C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Entfernung fehlgeschlagen,[c24f5276adcebc7aa9eaac5961a4629e]

Physische Sektoren: 0
(No malicious items detected)

(end)

The ESET program is running right now, ... I don't quite understand why I shouldn't remove the threats, ... it seems to me that the computer is still busy with it the whole time, ... I'll post that later, okay? Regards, Romanos |
18.08.2014, 23:37 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect to bycontext.com after CHIP.DE download You don't need to buy any software licenses for the scan we assign. Quote:
19.08.2014, 07:35 | #15 |
| Unwanted redirect to bycontext.com after CHIP.DE download Hello Cosinus, here is part 2, ESET: C:\Programme\Eset\EsetOnlineScanner\log.txt: Code:
ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0c3c12671b349a44a6b04c72e8bf3b5c # engine=19718 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-19 05:59:42 # local_time=2014-08-19 07:59:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware' # compatibility_mode=5124 16777214 100 100 2073873 94846597 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 83104 245960709 0 0 # scanned=1179588 # found=349 # cleaned=0 # scan_time=34611
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srpdm.dll.vir" sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srprl.dll.vir" sh=A0A37F1C39EDAD40BB8EF1B0CDEB0E8BAB9BF441 ft=1 fh=84d285d19f31b8ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srpt.dll.vir" sh=E4D8D4A8321C7B2585C1A8A6988676CD81EA0EBD ft=1 fh=5729fd530997fafe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srptc.dll.vir" sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srut.dll.vir" sh=4E5D92595443236644E528632B6699C8A7EBE8D5 ft=1 fh=1eb7510ee00f9c58 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir" sh=A55D4EA91A73476CFC39F9243AC27EC09E9C0F4D ft=1 fh=c54337ac7025bfe7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Interop.WMPLib.dll.vir" sh=ED855898AD4B1A0517619E79885FD5D9759C3474 ft=1 fh=82dff98c028ea9bd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\lrcnt.dll.vir" sh=9CF018684393E69865300D99624C931E872A9F7B ft=1 fh=b12e741996076995 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\lrrot.dll.vir" sh=878A4617D726E071ABE4AF5DB1B4DA5957D1B16E ft=1 fh=d6fca51930e9dc58 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll.vir" sh=6471E21EC42F3B4FF5477871DAF8418AD3507A6C ft=1 fh=6d68ef2b3a2291fd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\NDde.dll.vir" sh=71F62255522F1F32BB5FF63B9AE8F7A84617B37B ft=1 fh=9716dd8dca1bb304 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir" sh=E9381BFA75212C12F3BDE68754A0B495D886AD41 ft=1 fh=4ba77598f07864e5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\PIFlagsManager.dll.vir" sh=7D178D66ACCEC44EA92DDCBE65870F7274C79BB1 ft=1 fh=a1af8c319d24b6a5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\PILogger.dll.vir" sh=6748E6203AEE40073ACE0F93A82D2657B9238608 ft=1 fh=b7c713bcf0a56eae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\PILogManager.dll.vir" sh=896771FB238679DDE1023EB8AFE287E7BC783E23 ft=1 fh=597c7428fcc19575 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Proxy.Lib.dll.vir" sh=BD7AB5939C43A8BE1524B7FD78118DA81C4BCAE1 ft=1 fh=c88f82e57ccd8c61 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\ProxySettings.dll.vir" sh=21D908FA50C96DD091F51E08C3265726B04E01BB ft=1 fh=838329ef90e97a27 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sgml.dll.vir" sh=F1528D4A05BEF26C2606D25B49188D2470D63438 ft=1 fh=58fe00ecdeeab471 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sgmu.dll.vir" sh=A0D2F674357EDC8726D8F07076925EC5E381E724 ft=1 fh=07f2f155048055c9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sidb.dll.vir" sh=E7D1EDF68B80704460E90BCDD8D8F3B2439822CD ft=1 fh=c561291c53b1276d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\siem.dll.vir" sh=5E839CD0FFACD4569708702BAE95819041E049A3 ft=1 fh=191560178ca36b9a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sipb.dll.vir" sh=435F2D00B0365C1E1ADF690471C16985ED892DA9 ft=1 fh=445fd9948346c1a0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sismlp.dll.vir" sh=7E47A57ED8B727A31476E461735B6D4382F52FC2 ft=1 fh=aee3bc185f460d7d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Common.dll.vir" sh=82D5BA9ED459A56889AB2F52A994E5D9A67280E6 ft=1 fh=1cc7a8b23dfb8150 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Communication.dll.vir" sh=42DE5AC4ED9371EC4586F3707A9DBF08FEDE9F5F ft=1 fh=57f5791ff7e05ab3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Communication.NamedPipe.dll.vir" sh=2904D7199A1567D28C7045CACDF3E50618EAFC51 ft=1 fh=6b291fa951dab9b6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir" sh=EBE5900E2C2F82BB0AD455DF034D658016DDE774 ft=1 fh=e17f9ebc60461f4e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll.vir" sh=6969CBC9D4F45BD6A52CA5FE737531FE0B86DD84 ft=1 fh=aa645310305a123c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir" sh=F0EF421BB7C01DB13F8B0C74707F9CD831B7FEB2 ft=1 fh=a2d7d36dcaf29dce vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll.vir" sh=A412FC8FF8700C198EB971D720B3DEB19F9D8258 ft=1 fh=fd562c508ad8db0f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir" sh=A8730785960F57126DE56B44DC9AEC6EF5AF869F ft=1 fh=df6562dfb6c60e8e vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir" sh=3FDD76DF7F4C706455ACE776063134BEB204745A ft=1 fh=7f1e2b5f91faf715 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir" sh=3370FB9F2C83CBFD428D6AE58A68EC53C211C717 ft=1 fh=add2ba941aed0e75 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir" sh=37587615A4500A9EECBE9FBDF7BFCE0CA6D02B48 ft=1 fh=34f33309d22a4aff vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll.vir" sh=9B0F22B09A5ACDA53EDA76160013911918BC1486 ft=1 fh=01ec60b0a0ba7b18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Monetization.Proxy.ProxyService.dll.vir" sh=A8DC29F034558D1C70383D7CD14375B0AED94A7E ft=1 fh=d7e44ab44ab7ff2e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll.vir" sh=7F2C55216BCA6940A351CDE50C911CF0B7651464 ft=1 fh=50fbeb6677732462 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=19FA34C3DF856B0A1C514D17E152E1ECE44A3764 ft=1 fh=4f8b99977320baf7 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll.vir" sh=8B04E5BDF0D7192B55C2CA8E409702A2C6F6167F ft=1 fh=bce0a968d3775b78 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll.vir" sh=895AF5B66C0A8D2C8084DD0B9BCE3F940E65EBCB ft=1 fh=9b29fc376724d9fe vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll.vir" sh=DE2B7F212165E3EE9BDCD389B017817929E52170 ft=1 fh=50f856c61d395278 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll.vir" sh=B827BF672B0B58204F228D71BF81A5A9E154D3AD ft=1 fh=f478efe034b49c74 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir" sh=B827BF672B0B58204F228D71BF81A5A9E154D3AD ft=1 fh=f478efe034b49c74 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir" sh=A9451B3E09D7054FD33AEB8D967B68DEFF1F4A9C ft=1 fh=ba2aff9afb52849b vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir" sh=A9451B3E09D7054FD33AEB8D967B68DEFF1F4A9C ft=1 fh=ba2aff9afb52849b vn="Variante von MSIL/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=9CADF895659371F2E3A946BAE3E4C2036F0D67C6 ft=1 fh=2b30f997065281d7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smsp.dll.vir" sh=62CD4B2693E21F15F28655778AC596903801A9D7 ft=1 fh=bcf91880b631dcf2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smta.dll.vir" sh=29DFAAB6375D54EBB240D27E9B53E6B9D4D96D0F ft=1 fh=c4490daddc4e5410 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smti.dll.vir" sh=C880ECAB4D5D7D781C9B55A46D71A54B500724AB ft=1 fh=aaf5cca1ca842188 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smtu.dll.vir" sh=0A235F6957527BF97E97994C989FB499ED2AFB60 ft=1 fh=79739653ed904554 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spbe.dll.vir" sh=C73F41CF67F9F36B8873104573A9087D08470019 ft=1 fh=a9085c96aa7f9a4d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spbl.dll.vir" sh=58F052110022BA25E5C9E869577B4305396228A9 ft=1 fh=3a0c3ae81814d05c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sppsm.dll.vir" sh=771D9E380C97ABED3C294865A19629831EC976B4 ft=1 fh=3018766d6e6edcbf vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spsm.dll.vir" sh=2927A2C78423767C3B96039927029E3A73B71BF5 ft=1 fh=46487f41c982834c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spusm.dll.vir" sh=4D7317B20576C5EBADD8DCDD6B759A0C56069945 ft=1 fh=8840b3fbb5ed21de vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srau.dll.vir" sh=CEC509458B51EF2AE0C7A198778B897B7BF87394 ft=1 fh=5e4dcdd0e6ad900a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srbhu.dll.vir" sh=6218EB794854535C2FD36020D96E77E8634A70FD ft=1 fh=0875018d2826076d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srbs.dll.vir" sh=3BBC4A354F9E2B3F9BC9301D1EF19D7F04E6E1C6 ft=1 fh=522df960df61867e vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srbu.dll.vir" sh=E9B6F5B64B77D49656BAA3217F0387A8945E4932 ft=1 fh=6eaebdec584573ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sreu.dll.vir" sh=1508557D2782A75C925D674F99DDD9FC14516000 ft=1 fh=1b192f6bef5ecfda vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srgu.dll.vir" sh=44BD5D02885387612AC91E2867633A4473493D1E ft=1 fh=3ffc7c6d773952bd vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srns.dll.vir" sh=05B583777EC524C960E226EC3572C0C936352924 ft=1 fh=dc7b18a77967e0a5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srom.dll.vir" sh=7DF240F9FE38A5AD6FDC624FB022CEEF09CAE410 ft=1 fh=32dd00cb81e4e834 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srpdm.dll.vir" sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srprl.dll.vir" sh=21E353A7D259E8912FEEB9DE836A86934C3123C6 ft=1 fh=437f10d20ccd624e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srpu.dll.vir" sh=D0D91AA2A5D8750CF38A7B87DCD3DAB0B55277EB ft=1 fh=4fc8a58c6d53fb3d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srsbs.dll.vir" sh=9DEE96BFBCAE69821A98B7988B287DA6D8B6D421 ft=1 fh=621702fb64f09bf3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srsbsau.dll.vir" sh=55F3D2AAE33A9A68CE537946FCE80ECC6C322563 ft=1 fh=c01d5221a5da1280 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srsl.dll.vir" sh=C062D4B2990D76407C210D32BB3564B183243113 ft=1 fh=d56cc839b06d8b01 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sruhs.dll.vir" sh=E3A6C75E5FF0B6A13A889E2C03D55F243416C469 ft=1 fh=9fe88d3368291350 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srus.dll.vir" sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srut.dll.vir" sh=7EF38DBE4E68777EF54E1DD7DA04C47534701F07 ft=1 fh=d3493b0d6ef7d73d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=8794550C530FB81033BC5BE76EFA204E2A729D5B ft=1 fh=c911f2f366e79985 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=0FDD7FF166139B9D80B617F28B8AA5749F3A3FF2 ft=1 fh=261312001847d270 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=495DFF80D52F328383115D1EB9963CDDE91A67CA ft=1 fh=c9e5b36474ec6374 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=08F862797A867C051120BF418022A2E53EFDD801 ft=1 fh=e8518d6d05a74cf5 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=2CE4AC0873CC8F74062F55763140C0675FAC5EE0 ft=1 fh=0356a22255daa2de vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir" sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir" sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir" sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir" sh=36E31354BDEA960B9E966413460C3CB81036C629 ft=1 fh=107c58d6ba93a4af vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir" sh=7E0DF8CB3179C8E1C8938D7FDC6C041935BA2AAF ft=1 fh=9f2d1e13902d149b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=01ED9613E8CF31B16D6447012E7C257510AE16D5 ft=1 fh=c540277def73d46f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=2C0E7ACA0DFB0E07BDD7095CDB5CC3C5A15CD2CE ft=1 fh=a620b848fbe1fd90 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=77863B577D8501F979A2624BEC76BAB781909E2F ft=1 fh=ea81eeb9431c5542 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=0A09BD9D446210A9498B1C537ADF3A06D0760148 ft=1 fh=3917c688ec581966 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=F206D8959FA7A43CC2D5E85F5A87E3E63D8EC274 ft=1 fh=5f24e9703b251499 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.AdvancedExeLauncherPlugin.dll.vir" sh=C211C988D8D404D8E6CBBCDFE148D4AA665A472D ft=1 fh=6883e4752b24df90 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.CustomControl.dll.vir" sh=34935F4777836482ADA3622C77F3C3B9223C0D24 ft=1 fh=c08830e30506da54 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir" sh=12A6459952761EC4CC0E2347B59BF56D8D27462D ft=1 fh=e898fb13ccce5068 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir" sh=2345D7AA31132194AEB5D775DD58E0D8844900BA ft=1 fh=2964156c700371c9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir" sh=C606341C9BDB6958509DD3D70AF84A0A2F1EAB74 ft=1 fh=1e52b348b29a981e vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir" sh=787D21774D18B3BD5909C42E653EC78F0AA2DA1E ft=1 fh=ac45c2af56ed6bd9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir" sh=706F2A59D8244F56718AFB7B0B277B889A797DFC ft=1 fh=cd709ccceaef19a2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.YoutubeDownloadPlugin.dll.vir" sh=A1B914E6889C79FD2FF7710652AFF75B9577B144 ft=1 fh=a8bf8c33e84bc937 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir" sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir" sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir" sh=B440276E183DBAC6788EF3A0E6082C55E571170D ft=1 fh=62c0c4858bcf9d29 vn="Variante von Win32/DealPly.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js" sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js" sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js" sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js" sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js" sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js" sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js" sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js" sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js" sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js" sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js" sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js" sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js" sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js" sh=9200578E0A1027E0EE00111B9545601BC953C1A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js" sh=AD465C71F1C21D58AA4B3301F5506B6AE0F004D3 ft=1 fh=1df906e291630566 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeAudioConverter.exe" sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeYouTubeToMP3Converter(1).exe" sh=786F7AEE16CEC1A5BFE05809DFF81E4245E163CF ft=1 fh=e44ca0af77a0f02f vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeYouTubeToMP3Converter.exe" sh=63C07F52802B59710924F75C01DCFEFFA338E063 ft=1 fh=43a6f6e7aec8b73c vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeYouTubeToMP3Converter105.exe" sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_25.dll" sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_26.dll" sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_27.dll" sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_28.dll" sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_29.dll" sh=36E31354BDEA960B9E966413460C3CB81036C629 ft=1 fh=107c58d6ba93a4af vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_30.dll" sh=1ECEAF181DC0006EE76B299E90CC808A55797637 ft=1 fh=32d2465f103c3ca2 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\avira_free_antivirus_de(1).exe.part" sh=1ECEAF181DC0006EE76B299E90CC808A55797637 ft=1 fh=32d2465f103c3ca2 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\avira_free_antivirus_de.exe" sh=C700FF3CC6C53AF7F4E4B4835B44F10B631AAB91 ft=1 fh=d047f09cfa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\Core-Temp-lnstall.exe" sh=0E63EDE6A102841AC5A6C5A9E40F2170185D4E69 ft=1 fh=964d25fcb82ba285 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe" sh=B25DFC38B84D9E21F4ECE88E942AAF3CC22EAB8E ft=1 fh=cda1cbd4b2e6ebee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP333Converter.exe" sh=C293F0089EED7C6C97CC48D7DA118E2259FADB09 ft=1 fh=79c6cb0891df0e5a vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP3Converter(1).exe" sh=660DBBCCB3CECB907102247E33A2763B885BC22F ft=1 fh=08d795d06aaee6ee vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP3Converter(2).exe" sh=C293F0089EED7C6C97CC48D7DA118E2259FADB09 ft=1 fh=79c6cb0891df0e5a vn="Variante von Win32/Toolbar.Conduit.AI evtl. 
Best regards and many thanks for your help, ... do you like to eat honey, or jam?
Romanos
Last edited by Romanos (19.08.2014 at 07:40) |