Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein Laptop legt Verknüpfungen am USB Stick an (https://www.trojaner-board.de/152701-laptop-legt-verknuepfungen-usb-stick.html)

Marcus.V 18.04.2014 13:41
Mein Laptop legt Verknüpfungen am USB Stick an
 
Hallo zusammen,

mein Laptop legt Selbsständig verknüpfungen auf dem USB Stick an.
Auf dem einem Stick sind Sensible daten drauf. Kann mir da jemand helfen.

Der Rechner hat Windows 7 drauf.

schrauber 18.04.2014 14:20
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Marcus.V 18.04.2014 16:13
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Marcus Vogelgsang (administrator) on MARCUSVOGELGSAN on 18-04-2014 17:09:01
Running from C:\Users\Marcus Vogelgsang\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PCTV Systems S.à r.l.) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Softonic) C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\Softonic.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Marcus Vogelgsang\Downloads\setup (4).exe
(@) C:\Users\Marcus Vogelgsang\AppData\Local\Temp\instract.exe
() C:\Users\Marcus Vogelgsang\Downloads\setup (5).exe
(@) C:\Users\Marcus Vogelgsang\AppData\Local\Temp\instract.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage\VOPackage.exe
(PriceMeter) C:\Users\Marcus Vogelgsang\AppData\Local\Temp\{01BB49A6-7641-48E1-ADD4-C3C22AFF32DE}\o-update\PriceMeterLiveUpdate.exe
(PriceMeter) C:\Users\Marcus Vogelgsang\AppData\Local\Temp\GUM34BA.tmp\PriceMeterLiveUpdate.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(PriceMeter) C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter\pricemeterd.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Igor Pavlov) C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter\TEMP\tmp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-18] (AVAST Software)
HKLM-x32\...\Runonce: [Del15806816] - cmd.exe /Q /D /c del "C:\Users\MARCUS~1\AppData\Local\Temp\0.del" [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [StrmServer.exe] => C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe [746768 2010-12-21] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Marcus Vogelgsang\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=106ca5e02f2f47d09b020d47e76b8188-7a9a786275aee0e1aa028c7bd2be087f538a5943 /CMPID=0214c
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [Microsoft] => wscript.exe //B "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe"
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [Softonic for Windows] => C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\Softonic.exe [4162032 2014-04-07] (Softonic)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\RunOnce: [Del15806816] - cmd.exe /Q /D /c del "C:\Users\MARCUS~1\AppData\Local\Temp\0.del"
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {1df9b9c2-f5bf-11e2-b442-dc0ea18f687b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {53340e86-86d2-11e1-ae78-001e101f21c1} - E:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {5847795d-23e8-11e2-af86-dc0ea18f687b} - E:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {58477964-23e8-11e2-af86-dc0ea18f687b} - E:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {d867f50d-86cb-11e1-a1f3-001e101f82a0} - G:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {f7217d7c-8476-11e1-accf-e4d53dbe1109} - E:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {f72180bf-8476-11e1-accf-001e101fa1f5} - E:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {f72180d7-8476-11e1-accf-001e101fa1f5} - G:\AutoRun.exe
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\MountPoints2: {f9a08110-81b3-11e1-afaa-dc0ea18f687b} - E:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355552 2014-04-08] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-04-08] (Conduit)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3311336&octid=CT3311336&SearchSource=61&CUI=UN80935140718921283&UM=2&UP=SP420464BF-EFF7-4313-B4D6-C5496A028DEC&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
URLSearchHook: HKLM-x32 - Fun Media Bar V10 Toolbar - {130a876e-28f8-41f2-911d-084e557b057a} - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Fun_Media_Bar_V10\prxtbFun2.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - Fun Media Bar V10 Toolbar - {130a876e-28f8-41f2-911d-084e557b057a} - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Fun_Media_Bar_V10\prxtbFun2.dll (ClientConnect Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = hxxp://dts.search-results.com/web?src=ieb&gct=ds&appid=192&systemid=431&apn_dtid=BND431&apn_ptnrs=AGH&o=APN10656&apn_uid=5210514184704010&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=5420286491084046&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = hxxp://dts.search-results.com/web?src=ieb&gct=ds&appid=192&systemid=431&apn_dtid=BND431&apn_ptnrs=AGH&o=APN10656&apn_uid=5210514184704010&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {C0F25880-3649-4E9D-8377-CACBAA942BD0} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.7&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C0F25880-3649-4E9D-8377-CACBAA942BD0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312806&CUI=UN53763205189739530&UM=1
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=fd8dd8a6-bd80-4116-acaa-32bcd857b46a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN80935140718921283&UM=2&UP=SP61E93ABF-C46E-4296-99F9-7B710588E4FF&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {C0F25880-3649-4E9D-8377-CACBAA942BD0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312806&CUI=UN53763205189739530&UM=1
SearchScopes: HKCU - {F9BA8761-2258-46B5-9F12-FCC57CED83C0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN80935140718921283&UM=2
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: Fun Media Bar V10 Toolbar - {130a876e-28f8-41f2-911d-084e557b057a} - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Fun_Media_Bar_V10\prxtbFun2.dll (ClientConnect Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\BrowserConnection.dll (iMesh, Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Fun Media Bar V10 Toolbar - {130a876e-28f8-41f2-911d-084e557b057a} - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Fun_Media_Bar_V10\prxtbFun2.dll (ClientConnect Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {130A876E-28F8-41F2-911D-084E557B057A} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox\
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-04-27]
FF HKLM-x32\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013-04-27]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]
FF HKCU\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-04-27]
FF HKCU\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013-04-27]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M31DCF370-3376-40DD-8837-CFCDFD0BBC3C&SearchSource=55&CUI=&UM=5&UP=SP420464BF-EFF7-4313-B4D6-C5496A028DEC&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M31DCF370-3376-40DD-8837-CFCDFD0BBC3C&SearchSource=55&CUI=&UM=5&UP=SP420464BF-EFF7-4313-B4D6-C5496A028DEC&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M31DCF370-3376-40DD-8837-CFCDFD0BBC3C&SearchSource=58&CUI=&UM=5&UP=SP420464BF-EFF7-4313-B4D6-C5496A028DEC&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google-Suche) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (Speed Analysis 2) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2014-04-10]
CHR Extension: (SiteRanker) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldkplledicnbnnliodeffobaiaodaf [2014-04-10]
CHR Extension: (Freemium DE) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jopemfhojpebdeollanchfjhpbkcijoi [2014-04-10]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Plus-HD-3.8) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh [2014-04-11]
CHR Extension: (Google Mail) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKCU\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Marcus Vogelgsang\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-11-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Marcus Vogelgsang\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx [2013-04-17]
CHR HKLM-x32\...\Chrome\Extension: [dgldkplledicnbnnliodeffobaiaodaf] - C:\Program Files (x86)\SiteRanker\Chrome\siterank_c.crx [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Marcus Vogelgsang\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Marcus Vogelgsang\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Marcus Vogelgsang\AppData\Roaming\PlusWinks\pluswinks.crx [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\MARCUS~1\AppData\Local\Temp\YontooLayers.crx [2013-03-20]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-18] (AVAST Software)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2470688 2014-04-08] (Conduit)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-18] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-18] (PriceMeter)
R2 VOsrv; C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage\VOsrv.exe [353792 2014-02-25] ()
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 HPSLPSVC; C:\Users\MARCUS~1\AppData\Local\Temp\7zS79A1\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-18] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-18] ()
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 17:09 - 2014-04-18 17:09 - 00033583 _____ () C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2014-04-18 17:09 - 2014-04-18 17:09 - 00003754 _____ () C:\Windows\System32\Tasks\pricemetertask
2014-04-18 17:09 - 2014-04-18 17:09 - 00003742 _____ () C:\Windows\System32\Tasks\pricemeterwatcher
2014-04-18 17:09 - 2014-04-18 17:09 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-18 17:08 - 2014-04-18 17:09 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (6).exe
2014-04-18 17:08 - 2014-04-18 17:09 - 00000000 ____D () C:\FRST
2014-04-18 17:07 - 2014-04-18 17:08 - 02158592 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64.exe
2014-04-18 17:06 - 2014-04-18 17:07 - 01146880 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST.exe
2014-04-18 17:06 - 2014-04-18 17:06 - 00003118 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-18 17:06 - 2014-04-18 17:06 - 00001165 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-04-18 17:06 - 2014-04-18 17:06 - 00000000 ____D () C:\ProgramData\Systweak
2014-04-18 17:06 - 2014-04-18 17:06 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-04-18 17:06 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-18 17:05 - 2014-04-18 17:09 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter
2014-04-18 17:05 - 2014-04-18 17:05 - 00301496 _____ (VuuPC Limited) C:\Users\Marcus Vogelgsang\AppData\Local\nss717E.tmp
2014-04-18 17:05 - 2014-04-18 17:05 - 00003984 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA
2014-04-18 17:05 - 2014-04-18 17:05 - 00003732 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore
2014-04-18 17:05 - 2014-04-18 17:05 - 00003378 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-18 17:05 - 2014-04-18 17:05 - 00003300 _____ () C:\Windows\System32\Tasks\PriceMeterUpdater
2014-04-18 17:05 - 2014-04-18 17:05 - 00001933 _____ () C:\Users\Marcus Vogelgsang\Desktop\Sync Folder.lnk
2014-04-18 17:05 - 2014-04-18 17:05 - 00001051 _____ () C:\Users\Marcus Vogelgsang\Desktop\MyPC Backup.lnk
2014-04-18 17:05 - 2014-04-18 17:05 - 00000988 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00000984 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00000879 _____ () C:\Users\Marcus Vogelgsang\Desktop\Continue VuuPC Installation.lnk
2014-04-18 17:05 - 2014-04-18 17:05 - 00000322 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeterLiveUpdate
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate
2014-04-18 17:04 - 2014-04-18 17:04 - 00003382 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-04-18 17:04 - 2014-04-18 17:04 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-18 17:04 - 2014-04-18 17:04 - 00003088 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-18 17:04 - 2014-04-18 17:04 - 00002932 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-18 17:04 - 2014-04-18 17:04 - 00001426 _____ () C:\Users\Marcus Vogelgsang\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-18 17:04 - 2014-04-18 17:04 - 00000308 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-18 17:04 - 2014-04-18 17:04 - 00000300 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-18 17:04 - 2014-04-18 17:04 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\SearchProtect
2014-04-18 17:04 - 2014-04-18 17:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-18 17:04 - 2014-04-18 17:04 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-18 17:03 - 2014-04-18 17:04 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (5).exe
2014-04-18 17:02 - 2014-04-18 17:03 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (4).exe
2014-04-18 17:02 - 2014-04-18 17:03 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (3).exe
2014-04-18 15:40 - 2014-04-18 15:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic
2014-04-18 15:40 - 2014-04-18 15:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic
2014-04-18 15:40 - 2014-04-18 15:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\CrashRpt
2014-04-18 15:39 - 2014-04-18 15:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 15:39 - 2014-04-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 15:37 - 2014-04-18 15:37 - 00386928 _____ (Softonic ) C:\Users\Marcus Vogelgsang\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe
2014-04-18 12:47 - 2014-04-18 13:27 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\Peter Orth
2014-04-18 12:40 - 2014-04-18 12:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-18 12:40 - 2014-04-18 12:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-18 12:40 - 2014-04-18 12:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 12:38 - 2014-04-18 12:38 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-04-18 12:37 - 2014-04-18 12:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-18 12:37 - 2014-04-18 12:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 12:33 - 2014-03-17 22:35 - 00000426 _____ () C:\AVScanner.ini
2014-04-18 12:31 - 2014-04-18 12:35 - 88551496 _____ (AVAST Software) C:\Users\Marcus Vogelgsang\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-18 12:31 - 2014-04-18 12:31 - 00002050 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 12:31 - 2014-04-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-18 12:29 - 2014-04-18 12:30 - 21987424 _____ (Mozilla) C:\Users\Marcus Vogelgsang\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-12 09:42 - 2013-12-17 09:50 - 00554306 ___SH () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe
2014-04-12 09:02 - 2014-04-12 09:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\{1F9152C4-1886-4110-A06C-4AA831CF6780}
2014-04-11 16:31 - 2014-04-12 09:01 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BHH2014Unfall
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-10 17:58 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 17:58 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 17:58 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 17:58 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 17:58 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 17:58 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 17:58 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 17:58 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 17:58 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 17:58 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 17:58 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 17:58 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 17:58 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 17:58 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 17:58 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 17:58 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 17:58 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 17:58 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 17:58 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 17:58 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 17:58 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 17:58 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 17:58 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 17:58 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 17:58 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 17:58 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 17:58 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 17:58 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 17:58 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 17:58 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 17:58 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 17:58 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 17:58 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 17:58 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 17:58 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 17:58 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 17:58 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 17:58 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 17:58 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 17:58 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 17:58 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 17:58 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 17:58 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 17:58 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 17:58 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 17:58 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 17:58 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 17:58 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 15:05 - 2014-04-18 16:51 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 15:05 - 2014-04-18 15:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 15:05 - 2014-04-10 15:11 - 00004128 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 15:05 - 2014-04-10 15:11 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 15:05 - 2014-04-10 15:05 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 13:08 - 2014-04-10 13:08 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\TB
2014-04-10 12:58 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:58 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:58 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:58 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:58 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:58 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:58 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:58 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 12:58 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 12:58 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 12:58 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 12:58 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:58 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 12:45 - 2014-04-10 12:45 - 00000000 _____ () C:\end

==================== One Month Modified Files and Folders =======

2014-04-18 17:09 - 2014-04-18 17:09 - 00033583 _____ () C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2014-04-18 17:09 - 2014-04-18 17:09 - 00003754 _____ () C:\Windows\System32\Tasks\pricemetertask
2014-04-18 17:09 - 2014-04-18 17:09 - 00003742 _____ () C:\Windows\System32\Tasks\pricemeterwatcher
2014-04-18 17:09 - 2014-04-18 17:09 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-18 17:09 - 2014-04-18 17:08 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (6).exe
2014-04-18 17:09 - 2014-04-18 17:08 - 00000000 ____D () C:\FRST
2014-04-18 17:09 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter
2014-04-18 17:08 - 2014-04-18 17:07 - 02158592 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64.exe
2014-04-18 17:07 - 2014-04-18 17:06 - 01146880 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST.exe
2014-04-18 17:06 - 2014-04-18 17:06 - 00003118 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-18 17:06 - 2014-04-18 17:06 - 00001165 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-04-18 17:06 - 2014-04-18 17:06 - 00000000 ____D () C:\ProgramData\Systweak
2014-04-18 17:06 - 2014-04-18 17:06 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-04-18 17:06 - 2013-08-26 09:57 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Systweak
2014-04-18 17:05 - 2014-04-18 17:05 - 00301496 _____ (VuuPC Limited) C:\Users\Marcus Vogelgsang\AppData\Local\nss717E.tmp
2014-04-18 17:05 - 2014-04-18 17:05 - 00003984 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA
2014-04-18 17:05 - 2014-04-18 17:05 - 00003732 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore
2014-04-18 17:05 - 2014-04-18 17:05 - 00003378 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-18 17:05 - 2014-04-18 17:05 - 00003300 _____ () C:\Windows\System32\Tasks\PriceMeterUpdater
2014-04-18 17:05 - 2014-04-18 17:05 - 00001933 _____ () C:\Users\Marcus Vogelgsang\Desktop\Sync Folder.lnk
2014-04-18 17:05 - 2014-04-18 17:05 - 00001051 _____ () C:\Users\Marcus Vogelgsang\Desktop\MyPC Backup.lnk
2014-04-18 17:05 - 2014-04-18 17:05 - 00000988 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00000984 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00000879 _____ () C:\Users\Marcus Vogelgsang\Desktop\Continue VuuPC Installation.lnk
2014-04-18 17:05 - 2014-04-18 17:05 - 00000322 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeterLiveUpdate
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-18 17:05 - 2014-04-18 17:05 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate
2014-04-18 17:05 - 2013-04-27 09:14 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-18 17:05 - 2012-03-23 22:48 - 00000000 ___RD () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 17:04 - 2014-04-18 17:04 - 00003382 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-04-18 17:04 - 2014-04-18 17:04 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-18 17:04 - 2014-04-18 17:04 - 00003088 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-18 17:04 - 2014-04-18 17:04 - 00002932 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-18 17:04 - 2014-04-18 17:04 - 00001426 _____ () C:\Users\Marcus Vogelgsang\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-18 17:04 - 2014-04-18 17:04 - 00000308 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-18 17:04 - 2014-04-18 17:04 - 00000300 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-18 17:04 - 2014-04-18 17:04 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\SearchProtect
2014-04-18 17:04 - 2014-04-18 17:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-18 17:04 - 2014-04-18 17:04 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-18 17:04 - 2014-04-18 17:03 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (5).exe
2014-04-18 17:03 - 2014-04-18 17:02 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (4).exe
2014-04-18 17:03 - 2014-04-18 17:02 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (3).exe
2014-04-18 17:01 - 2013-10-01 10:47 - 00004196 _____ () C:\Windows\System32\Tasks\Software Updater
2014-04-18 16:52 - 2012-02-18 13:13 - 04119160 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 16:52 - 2012-02-18 13:13 - 01244928 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 16:52 - 2012-02-18 04:20 - 01286808 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 16:52 - 2009-07-14 07:13 - 01292360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 16:51 - 2014-04-10 15:05 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 16:51 - 2013-10-01 10:48 - 00001928 _____ () C:\Windows\Tasks\Plus-HD-3.8-chromeinstaller.job
2014-04-18 16:51 - 2013-10-01 10:48 - 00001314 _____ () C:\Windows\Tasks\Plus-HD-3.8-updater.job
2014-04-18 16:51 - 2013-10-01 10:48 - 00001220 _____ () C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job
2014-04-18 16:51 - 2013-10-01 10:48 - 00001118 _____ () C:\Windows\Tasks\Plus-HD-3.8-enabler.job
2014-04-18 16:51 - 2012-04-06 20:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 16:02 - 2013-10-01 10:48 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-3.8
2014-04-18 15:40 - 2014-04-18 15:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic
2014-04-18 15:40 - 2014-04-18 15:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic
2014-04-18 15:40 - 2014-04-18 15:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\CrashRpt
2014-04-18 15:40 - 2014-04-18 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 15:39 - 2014-04-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 15:37 - 2014-04-18 15:37 - 00386928 _____ (Softonic ) C:\Users\Marcus Vogelgsang\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe
2014-04-18 15:16 - 2014-04-10 15:05 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 14:35 - 2013-03-22 23:06 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\Motorsport
2014-04-18 14:22 - 2013-08-26 10:01 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\avgchrome
2014-04-18 13:27 - 2014-04-18 12:47 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\Peter Orth
2014-04-18 13:26 - 2009-07-14 06:51 - 00157049 _____ () C:\Windows\setupact.log
2014-04-18 12:50 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 12:50 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 12:43 - 2014-04-18 12:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-18 12:43 - 2012-10-17 06:43 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-04-18 12:42 - 2013-10-13 18:01 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-18 12:42 - 2013-10-13 17:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 12:42 - 2012-11-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-18 12:42 - 2010-11-21 05:47 - 00385552 _____ () C:\Windows\PFRO.log
2014-04-18 12:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 12:40 - 2014-04-18 12:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-18 12:40 - 2014-04-18 12:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 12:38 - 2014-04-18 12:38 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-04-18 12:37 - 2014-04-18 12:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-18 12:37 - 2014-04-18 12:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 12:35 - 2014-04-18 12:31 - 88551496 _____ (AVAST Software) C:\Users\Marcus Vogelgsang\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-18 12:31 - 2014-04-18 12:31 - 00002050 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 12:31 - 2014-04-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-18 12:30 - 2014-04-18 12:29 - 21987424 _____ (Mozilla) C:\Users\Marcus Vogelgsang\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-18 12:20 - 2012-10-13 12:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox
2014-04-18 12:19 - 2013-10-02 09:28 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\DTM
2014-04-18 12:18 - 2012-10-13 12:03 - 00000000 ___RD () C:\Users\Marcus Vogelgsang\Dropbox
2014-04-18 12:17 - 2013-06-29 20:41 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\Musik
2014-04-12 14:19 - 2013-01-15 11:30 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\PdfGrabber
2014-04-12 10:19 - 2012-05-19 11:16 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\AD_LUMIX
2014-04-12 10:19 - 2011-01-01 00:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\DCIM
2014-04-12 09:02 - 2014-04-12 09:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\{1F9152C4-1886-4110-A06C-4AA831CF6780}
2014-04-12 09:01 - 2014-04-11 16:31 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BHH2014Unfall
2014-04-12 09:01 - 2014-02-26 18:39 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Windows Live
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-11 10:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 07:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-10 17:59 - 2009-07-14 04:34 - 00000566 _____ () C:\Windows\win.ini
2014-04-10 17:58 - 2013-08-14 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 17:58 - 2012-04-08 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 17:56 - 2012-04-09 21:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 15:11 - 2014-04-10 15:05 - 00004128 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 15:11 - 2014-04-10 15:05 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 15:05 - 2014-04-10 15:05 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 15:05 - 2012-04-06 22:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 15:04 - 2012-04-06 22:17 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Deployment
2014-04-10 15:00 - 2012-04-06 22:18 - 00000000 ____D () C:\Program Files\Google
2014-04-10 14:56 - 2012-04-06 22:18 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Google
2014-04-10 14:51 - 2013-11-05 11:19 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Conduit
2014-04-10 13:08 - 2014-04-10 13:08 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\TB
2014-04-10 12:45 - 2014-04-10 12:45 - 00000000 _____ () C:\end
2014-03-31 21:43 - 2013-10-01 10:47 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-03-31 21:42 - 2013-10-01 10:47 - 00004262 _____ () C:\Windows\System32\Tasks\Software Updater Ui
2014-03-19 11:25 - 2012-04-06 20:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 11:25 - 2012-04-06 20:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-19 11:25 - 2011-10-20 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-19 09:55 - 2009-07-14 06:45 - 00431824 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3360.dll


Some content of TEMP:
====================
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\avgnt.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\bitool.dll
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\instract.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsb2468.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsbEE7D.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsf4E63.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsg2AF0.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsgDDD7.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nshB7B7.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nshB7B8.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsm8A1F.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsm8B09.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsmBFC3.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsr855D.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsr8731.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsx8139.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsx857E.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsxB7C7.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsxBFB4.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nsxC002.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\SPSetup.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\SPStub.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 14:37

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Marcus Vogelgsang at 2014-04-18 17:09:37
Running from C:\Users\Marcus Vogelgsang\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{EA4954FD-C685-1C7D-16F3-9BC2FD5E6BD3}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.174 - AVG) Hidden
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.1013.754.12275 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fun Media Bar V10 Toolbar for IE (HKLM-x32\...\IECT3312806) (Version: 6.17.1.25 - Fun Media Bar V10)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Edition 2003 (HKLM-x32\...\{91CA0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PHOTOfunSTUDIO 6.1 HD Lite Edition (HKLM-x32\...\{7E653036-DE31-4BFD-96BB-421CC72E06FC}) (Version: 6.01.015 - Panasonic Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Plus-HD-3.8 (HKLM-x32\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Price Meter (remove only) (HKCU\...\Price Meter) (Version: 1.0.5.8 - Price Meter)
Protected Search 1.1 (HKLM-x32\...\Protected Search_is1) (Version:  - Protected Search) <==== ATTENTION
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.29 - Crawler, LLC)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softonic for Windows (HKCU\...\Softonic for Windows) (Version: 1.5.10 - Softonic International S.L.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.1.858 - PCTV Systems)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for PriceMeter (HKCU\...\PriceMeterUpdater) (Version:  - Update for PriceMeter) <==== ATTENTION
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2200 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WISO Steuer 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

01-03-2014 22:35:44 Windows Update
17-03-2014 21:14:50 Windows Update
19-03-2014 09:43:00 Windows Update
10-04-2014 12:44:41 Geplanter Prüfpunkt
10-04-2014 12:47:56 Free Driver Scout
10-04-2014 15:55:10 Windows Update
18-04-2014 10:26:18 Removed AVG 2014
18-04-2014 10:27:45 Removed AVG 2014
18-04-2014 10:36:48 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {15D8D657-19DB-4C99-A2F1-CA9FE941D2C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {16FDA936-92DA-4A6F-A880-24391C7D0ED0} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-08-22] (Systweak Inc) <==== ATTENTION
Task: {1903A997-F048-4CD8-9B0C-32EE28432357} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: {199BB5FE-E661-4D9C-A03B-3555A30C70C9} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-08-22] (Systweak Inc) <==== ATTENTION
Task: {21C10CDB-2C27-43E5-B50E-90A5ADE3A639} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {323E9C0B-0DB6-4413-9C2E-FF3098185CD6} - System32\Tasks\pricemetertask => C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter\TEMP\pricemeter.exe
Task: {4969617C-AE44-4035-B712-F0BE133AD348} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Marcus Vogelgsang\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {4C032A41-3C2D-4868-B767-CDDD7ED8775C} - System32\Tasks\Plus-HD-3.8-chromeinstaller => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe <==== ATTENTION
Task: {4FC42311-CC9C-43CA-A823-DF28BBECFBD8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {5E710D94-42AD-40FA-B4D0-95556C64C58D} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-18] (PriceMeter)
Task: {5E8DE431-3320-4900-86D8-74A3FDD83EE4} - System32\Tasks\pricemeterwatcher => C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter\pricemeterw.exe [2014-03-13] (PriceMeter)
Task: {676A9B20-1D82-47DB-B69A-037F178FA3EC} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-18] (PriceMeter)
Task: {6C325AEB-5C98-4872-ADE7-1D63E8E75975} - System32\Tasks\pricemeterdownloader => C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter\pricemeterd.exe [2014-03-13] (PriceMeter)
Task: {6E5C461B-AF5F-4DFC-9CA6-788797002217} - System32\Tasks\Plus-HD-3.8-enabler => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe <==== ATTENTION
Task: {71109FB1-4FC0-47FF-BA84-6D4CE2FA543A} - System32\Tasks\PriceMeterUpdater => C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {7C76C36C-B269-4458-9BEB-45205ACC28AC} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-08-22] (Systweak Inc) <==== ATTENTION
Task: {836C3AFE-88AC-461E-81B2-596BBD0DAE6F} - System32\Tasks\Plus-HD-3.8-updater => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe <==== ATTENTION
Task: {8E8CE79B-8734-4162-B4C1-C3961829669E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {92FFEE48-425A-4D18-B41F-ACF88158BE4F} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Task: {A1BDC142-9B4E-4559-8485-1F9CC0BAEA1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {ABBB2F4D-E0CD-4E1F-B3A5-E59C12F7DFCF} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {C2397166-B57F-49FD-B007-D8A3587D3C58} - System32\Tasks\Plus-HD-3.8-codedownloader => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe <==== ATTENTION
Task: {C713AFC8-6DF5-49F8-AA5B-AA01603ECCE2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-18] (AVAST Software)
Task: {D1C3E45D-FDF1-45F2-9046-CBF94A103C65} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2013-08-23] (Systweak Inc                                                ) <==== ATTENTION
Task: {D4E34485-8273-47BD-8581-DCCCA0F7E78B} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] ()
Task: {D8B7C25F-40A6-4D44-BC05-14B071D822F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9527448-76E1-4F83-A7B7-4B97B8D8ED5D} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {D9F83366-FDD3-4A07-9FE6-274A3D278977} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-19] ()
Task: {E282E6B9-53F0-4741-AA29-B6F582D2B0A0} - System32\Tasks\Google Updater and Installer => C:\Users\Marcus Vogelgsang\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-3.8-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-enabler.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-updater.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\MARCUS~1\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-10-20 11:00 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-18 17:02 - 2014-04-18 17:03 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (4).exe
2014-04-18 17:03 - 2014-04-18 17:04 - 00993712 _____ () C:\Users\Marcus Vogelgsang\Downloads\setup (5).exe
2014-02-25 08:29 - 2014-02-25 08:29 - 00353792 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage\VOsrv.exe
2014-04-18 17:05 - 2014-04-18 17:04 - 00392973 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\VOPackage\VOPackage.exe
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-03-14 16:00 - 2014-03-14 16:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-04-18 12:37 - 2014-04-18 12:37 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14031900\algo.dll
2014-04-18 12:46 - 2014-04-18 12:46 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041800\algo.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-04-18 12:37 - 2014-04-18 12:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-26 21:37 - 2014-02-26 21:37 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-10-20 10:18 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-03-09 18:59 - 2011-03-09 18:59 - 02238464 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\QtCore4.dll
2011-03-09 18:59 - 2011-03-09 18:59 - 08011264 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\QtGui4.dll
2012-06-28 12:09 - 2012-06-28 12:09 - 00076800 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\CrashRpt1300.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 26052096 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\libcef.dll
2011-03-18 13:01 - 2011-03-18 13:01 - 00026624 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\imageformats\qgif4.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 00739840 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\libglesv2.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 00130048 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Softonic\libegl.dll
2014-04-10 15:05 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 15:05 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 15:05 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 15:05 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 15:05 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 15:05 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 15:05 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2014-04-18 17:05 - 2014-04-18 17:05 - 00117248 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\Temp\nscBF7.tmp\IpConfig.dll
2014-04-18 17:06 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2014-04-18 17:06 - 2014-02-28 18:29 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-04-18 17:09 - 2014-02-24 09:58 - 36571648 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeter\libcef.dll
2014-03-19 11:25 - 2014-03-19 11:25 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:403E9384
AlternateDataStreams: C:\ProgramData\Temp:6D3F84D7
AlternateDataStreams: C:\ProgramData\Temp:A8AF8B49

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: ArcCtrl
Description: ArcCtrl
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ArcCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 05:05:33 PM) (Source: MsiInstaller) (User: MarcusVogelgsan)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\GoogleUpdateHelper.msi

Error: (04/18/2014 04:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/18/2014 04:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2014 04:52:45 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2014 03:38:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/18/2014 03:38:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/18/2014 03:38:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/18/2014 02:25:52 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/18/2014 02:25:52 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2014 02:25:52 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (04/18/2014 04:51:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/18/2014 04:51:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/18/2014 03:40:59 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/18/2014 02:27:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/18/2014 02:26:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/18/2014 02:25:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/18/2014 02:25:49 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (04/18/2014 02:24:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/18/2014 02:24:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (04/18/2014 02:24:36 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-16 16:14:33.045
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-16 16:14:33.042
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-16 16:14:33.040
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-16 16:14:33.014
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-16 16:14:33.012
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-16 16:14:33.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-15 07:43:20.948
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-15 07:43:20.948
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-15 07:43:20.932
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-15 07:43:20.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 16235.86 MB
Available physical RAM: 12777.77 MB
Total Pagefile: 32469.9 MB
Available Pagefile: 28761.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:682.54 GB) (Free:527.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 4E9BCD4F)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 19.04.2014 10:17
Stick anklemmen, nicht mehr abklemmen.

Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Marcus.V 19.04.2014 13:59
Combofix Logfile:
Code:
ComboFix 14-04-17.01 - Marcus Vogelgsang 19.04.2014  14:49:44.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.16236.13434 [GMT 2:00]
ausgeführt von:: c:\users\Marcus Vogelgsang\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Protected Search
c:\programdata\Microsoft\Windows\Start Menu\Programs\Protected Search\Protected Search Settings.lnk
c:\users\Marcus Vogelgsang\AppData\Local\nss717E.tmp
c:\users\Marcus Vogelgsang\AppData\Roaming\ba53b5653412854b92debc6a74aa72b32
c:\users\Public\AlexaNSISPlugin.3360.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-19 bis 2014-04-19  ))))))))))))))))))))))))))))))
.
.
2014-04-19 12:55 . 2014-04-19 12:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-19 12:51 . 2014-04-19 12:51        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7EAAE8D-9A2C-4C9E-A7FB-E3C6225FF8B3}\offreg.dll
2014-04-19 12:43 . 2014-04-19 12:43        --------        d-----w-        c:\programdata\Panda Security
2014-04-19 12:43 . 2014-04-19 12:43        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-04-18 20:52 . 2014-04-18 20:52        --------        d-----w-        c:\users\Marcus Vogelgsang\AppData\Roaming\DropboxMaster
2014-04-18 17:24 . 2014-04-17 03:31        10651704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7EAAE8D-9A2C-4C9E-A7FB-E3C6225FF8B3}\mpengine.dll
2014-04-18 15:08 . 2014-04-18 15:10        --------        d-----w-        C:\FRST
2014-04-18 15:05 . 2014-04-18 15:05        --------        d-----w-        c:\users\Marcus Vogelgsang\AppData\Local\PriceMeterLiveUpdate
2014-04-18 15:05 . 2014-04-18 15:05        --------        d-----w-        c:\programdata\PriceMeterLiveUpdate
2014-04-18 15:05 . 2014-04-18 15:05        --------        d-----w-        c:\program files (x86)\PriceMeterLiveUpdate
2014-04-18 15:05 . 2014-04-18 15:05        --------        d-----w-        c:\users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater
2014-04-18 13:40 . 2014-04-18 13:40        --------        d-----w-        c:\users\Marcus Vogelgsang\AppData\Local\CrashRpt
2014-04-18 13:39 . 2014-04-18 13:40        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-18 13:39 . 2014-04-18 13:39        --------        d-----w-        c:\programdata\Malwarebytes
2014-04-18 10:40 . 2014-04-18 10:40        --------        d-----w-        c:\users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 10:38 . 2014-04-18 10:38        --------        d-----w-        c:\program files (x86)\Siber Systems
2014-04-18 10:37 . 2014-04-18 10:37        84816        ----a-w-        c:\windows\system32\drivers\aswStm.sys
2014-04-18 10:37 . 2014-04-18 10:37        208928        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-04-18 10:37 . 2014-04-18 10:37        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-04-18 10:37 . 2014-04-18 10:37        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-04-18 10:37 . 2014-04-18 10:37        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-04-18 10:37 . 2014-04-18 10:37        423240        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2014-04-18 10:37 . 2014-04-18 10:37        1039096        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-04-18 10:37 . 2014-04-18 10:37        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-04-18 10:37 . 2014-04-18 10:37        43152        ----a-w-        c:\windows\avastSS.scr
2014-04-18 10:36 . 2014-04-18 10:36        --------        d-----w-        c:\program files\AVAST Software
2014-04-18 10:36 . 2014-04-18 10:36        --------        d-----w-        c:\programdata\AVAST Software
2014-04-18 10:31 . 2014-04-18 10:31        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2014-04-12 07:42 . 2013-12-17 07:50        554306        --sha-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe
2014-04-11 12:06 . 2014-04-11 12:06        --------        d-sh--w-        c:\users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 12:06 . 2014-04-11 12:06        --------        d-sh--w-        c:\users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-10 11:08 . 2014-04-10 11:08        --------        d-----w-        c:\users\Marcus Vogelgsang\AppData\Local\TB
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 15:56 . 2012-04-09 19:47        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-19 09:25 . 2012-04-06 18:12        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-19 09:25 . 2011-10-20 09:22        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-10 10:58        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-17 20:49        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-17 20:47        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-17 20:47        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-17 20:47        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-17 20:47        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-17 20:49        484864        ----a-w-        c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-17 20:49        381440        ----a-w-        c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-17 20:49        228864        ----a-w-        c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2013-10-04 04:05        1573560        ----a-w-        c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrmServer.exe"="c:\program files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe" [2010-12-21 746768]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-09-04 1315144]
"Microsoft"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-18 3854640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Nach Updates suchen.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe -s -c -f="UpdateTVC6.xml" -p="TVCenter" -language=DE -url=hxxp://www.pctvsystems.com/Portals/pctv/WebUpdaterFiles [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" -autostart
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 pricemeterliveUpdate;PriceMeterLiveUpdate Service (pricemeterliveUpdate);c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe;c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 pricemeterliveUpdatem;PriceMeterLiveUpdate Service (pricemeterliveUpdatem);c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe;c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 13:05        1077576        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:25]
.
2014-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10 13:05]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10 13:05]
.
2014-04-19 c:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-18 15:05]
.
2014-04-18 c:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-18 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-18 10:37        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
mStart Page = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&st=chrome&q=
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=fd8dd8a6-bd80-4116-acaa-32bcd857b46a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\Marcus Vogelgsang\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Wow6432Node-HKCU-Run-PriceMeterW - c:\users\Marcus Vogelgsang\AppData\Local\PriceMeter\pricemeterw.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-19  14:56:39
ComboFix-quarantined-files.txt  2014-04-19 12:56
.
Vor Suchlauf: 14 Verzeichnis(se), 569.305.092.096 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 570.926.264.320 Bytes frei
.
- - End Of File - - 5C36FBC52E91BCE7AFC16E289C02CE51
--- --- ---

schrauber 19.04.2014 22:42
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Marcus.V 20.04.2014 08:38
mbam.txt lässt sich nicht speichern. Programm bendet sich immer

2014/04/20 09:03:40 +0200 m.Xml yes 2.00.1.1004 v2014.04.20.03 v2014.03.27.01 trial enabled enabled disabled Windows 7 Service Pack 1 x64 Marcus Vogelgsang NTFS threat completed 273138 615 1 1 99 4 9 19 113 0 enabled enabled enabled enabled disabled disabled enabled enabled enabled C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exePUP.Optional.PriceMeter.Adelete-on-reboot22085f340e1e9fdce452b22410612ad803fd C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dllPUP.Optional.PriceMeter.Adelete-on-reboot1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}PUP.Optional.Delta.Asuccess662d60cc611ae74f79b4ce7ed32f9769 HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}PUP.Optional.Delta.Asuccess662d60cc611ae74f79b4ce7ed32f9769 HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}PUP.Optional.Wajam.Asuccessdab963c9c0bb0333f215da73dd25d42c HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}PUP.Optional.Wajam.Asuccessdab963c9c0bb0333f215da73dd25d42c HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}PUP.Optional.Iminent.Asuccessc6cdd05c2e4d2c0acba8a6a66f93e51b HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}PUP.Optional.Iminent.Asuccessc0d32dff1a6168cec6ae123a9969669a HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.BHOPUP.Optional.CrossRider.Asuccess543f48e4374479bde49250469e65ec14 HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.BHO.1PUP.Optional.CrossRider.Asuccess880b34f845364ee8314597ff867d9868 HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.SandboxPUP.Optional.CrossRider.Asuccessd6bd9a92314ac175c1b5623407fcaf51 HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.Sandbox.1PUP.Optional.CrossRider.Asuccessfd96ce5edf9c1a1c3244544233d06f91 HKLM\SOFTWARE\CLASSES\iMeshIEHelper.DNSGuardPUP.Optional.iMeshMusicBoxTB.Asuccess484b3cf01269ce68ca5aef93cb37c63a HKLM\SOFTWARE\CLASSES\iMeshIEHelper.DNSGuard.1PUP.Optional.iMeshMusicBoxTB.Asuccessf1a2ce5ec1ba47ef9d87c4be13ef6e92 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9PUP.Optional.PriceMeter.Asuccessc9ca76b699e275c17168a0d1857d629e HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachinePUP.Optional.PriceMeter.Asuccess395a88a4a6d51323d009b8b924def40c HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0PUP.Optional.PriceMeter.Asuccess385b6fbddaa1043210c98be6877b619f HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3PUP.Optional.PriceMeter.Asuccess920170bc136873c3eeea4928a161a55b HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsyncPUP.Optional.PriceMeter.Asuccess98fb62ca19626dc9e4f588e9649e9967 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0PUP.Optional.PriceMeter.Asuccess0f848ca00972ab8b8c4d353c91711ae6 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClassPUP.Optional.PriceMeter.Asuccessa1f2e349bbc08caad207db961ee4ad53 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1PUP.Optional.PriceMeter.Asuccesseda6d5579edd3afc2bae056c1be7f20e HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClassPUP.Optional.PriceMeter.Asuccess147fbd6fec8fab8bdefba8c9c24038c8 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1PUP.Optional.PriceMeter.Asuccesse6ad65c7b4c70b2b54851f5227dbb050 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachinePUP.Optional.PriceMeter.Asuccessa6edf4383d3eb87eb92094ddba48768a HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0PUP.Optional.PriceMeter.Asuccess365d220a196223138b4e036e659d06fa HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachinePUP.Optional.PriceMeter.Asuccessc0d353d97cff2e087366c4ad04fe7f81 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0PUP.Optional.PriceMeter.Asuccess2073a28ab7c44ceaf6e3c6ab0ef47c84 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallbackPUP.Optional.PriceMeter.Asuccesse3b00923fd7e142203d6a1d0887a8e72 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0PUP.Optional.PriceMeter.Asuccessdeb5042832497eb89d3cff72f50d9070 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvcPUP.Optional.PriceMeter.Asuccess276c0c201a6145f1895028498a7818e8 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.PriceMeter.Asuccessb5dec16b4a3156e0f4e5e889ce347d83 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncherPUP.Optional.PriceMeter.Asuccesseba86ebe96e5d75fdefb83eeef1324dc HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0PUP.Optional.PriceMeter.Asuccess2c672408d9a265d1f6e31e5350b2d030 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassServicePUP.Optional.PriceMeter.Asuccesse8ab58d4accf6accd801521f2ad81be5 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0PUP.Optional.PriceMeter.Asuccess2370b874d0ab122411c88fe2f60c659b HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachinePUP.Optional.PriceMeter.Asuccessd0c38f9d0477a98d8257b8b98082ce32 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0PUP.Optional.PriceMeter.Asuccess0c876cc086f5d6607c5ddb9641c1e719 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallbackPUP.Optional.PriceMeter.Asuccessc8cb4fdd0576a98ddefb165b986ad729 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0PUP.Optional.PriceMeter.Asuccess474c6dbfb7c40a2c01d89ed326dc7f81 HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvcPUP.Optional.PriceMeter.Asuccess355e1913ea9160d6f0e93839659df30d HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0PUP.Optional.PriceMeter.Asuccessc8cb17150873999d2eabd79add251be5 HKLM\SOFTWARE\WOW6432NODE\DealPlyLivePUP.Optional.DealPly.Asuccess850e7cb093e88aac4fa1a8eea1623ac6 HKLM\SOFTWARE\WOW6432NODE\IminentPUP.Optional.Iminent.Asuccess8f04d65697e4a591f26020607191c739 HKLM\SOFTWARE\WOW6432NODE\Plus-HD-3.8PUP.Optional.PlusHD.Asuccess1281c369daa142f465c25230a85a847c HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.BHOPUP.Optional.CrossRider.Asuccessace7a7858bf0b77f2551672f8a790ef2 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.BHO.1PUP.Optional.CrossRider.Asuccessf79cb87489f268ce05716432768d6799 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.SandboxPUP.Optional.CrossRider.Asuccessace7012bc9b243f3b3c31c7a42c1748c HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.Sandbox.1PUP.Optional.CrossRider.Asuccess167d1715cfac41f580f697ffe41f19e7 HKLM\SOFTWARE\WOW6432NODE\CLASSES\iMeshIEHelper.DNSGuardPUP.Optional.iMeshMusicBoxTB.Asuccess3063c66693e879bd47dd87fb44be0ff1 HKLM\SOFTWARE\WOW6432NODE\CLASSES\iMeshIEHelper.DNSGuard.1PUP.Optional.iMeshMusicBoxTB.Asuccessf0a3f83407749b9b3de7641efd058080 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9PUP.Optional.PriceMeter.Asuccess4251cc60116a04325683c7aa946e827e HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachinePUP.Optional.PriceMeter.Asuccessf79cca62601b48ee1cbdd89908fab848 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0PUP.Optional.PriceMeter.Asuccess147f1616502b46f08d4c3d340af83 7c9 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3PUP.Optional.PriceMeter.Asuccess603332fab2c9fc3a03d5125f43bf14ec HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsyncPUP.Optional.PriceMeter.Asuccesse2b1b6760e6d0f27cc0d9ad78181bc44 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0PUP.Optional.PriceMeter.Asuccess7e1514185b20f34307d23b36768c5aa6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClassPUP.Optional.PriceMeter.Asuccess058e9f8db7c457dfd405de93b74b768a HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1PUP.Optional.PriceMeter.Asuccessdeb5919bb1ca0e28e1f896dbef137a86 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClassPUP.Optional.PriceMeter.Asuccess880b85a77cffd95d56832a474bb7da26 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1PUP.Optional.PriceMeter.Asuccessa8eb0725413af73fb128d899ee14cf31 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachinePUP.Optional.PriceMeter.Asuccess43509b91235841f5cb0ec0b15aa8e020 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0PUP.Optional.PriceMeter.Asuccess31623af2423963d39544fc75936f34 cc HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachinePUP.Optional.PriceMeter.Asuccess41524ce05922df574f8a4031f70b50b0 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0PUP.Optional.PriceMeter.Asuccessd8bb37f57b00ca6c4693ff72738f53 ad HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallbackPUP.Optional.PriceMeter.Asuccess890a61cb0972bd798752caa731 d16f91 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0PUP.Optional.PriceMeter.Asuccess0093c369b6c5a98db128f9 788d75a25e HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvcPUP.Optional.PriceMeter.Asuccess751e71bb02798fa7f3e6502130d2c53b HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.PriceMeter.Asuccess3b58b379d2a91c1a8e4b0c65c9396e92 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncherPUP.Optional.PriceMeter.Asuccess266d939998e3f83e5d7cbab71ee433cd HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0PUP.Optional.PriceMeter.Asuccess3b581418aad1b77fa6330c65c83a02fe HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassServicePUP.Optional.PriceMeter.Asuccess00931d0f87f44cea439611600cf646ba HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0PUP.Optional.PriceMeter.Asuccess296ad557235835019346f1803fc3cb3 5 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachinePUP.Optional.PriceMeter.Asuccessb8db0b21433804328455403104fe1ce4 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0PUP.Optional.PriceMeter.Asuccessc6cd44e8a6d53006c811541d34cef60a HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallbackPUP.Optional.PriceMeter.Asuccess454ed25ae695082ed2076b06e61c768a HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0PUP.Optional.PriceMeter.Asuccess930086a604777abc9049f27fa55d 3bc5 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvcPUP.Optional.PriceMeter.Asuccess524178b490eb67cf6970e28fdb27f010 HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0PUP.Optional.PriceMeter.Asuccess6231bd6fd0ab65d1ae2b74fd1de523dd HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdatePUP.Optional.PriceMeter.Asuccess5f340e1e9fdce452b22410612ad803fd HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdatemPUP.Optional.PriceMeter.Asuccess5f340e1e9fdce452b22410612ad803fd HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_ToolbarPUP.Optional.DataMngr.Asuccessafe4a686e39883b3cd97b1e48e756997 HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\IminentPUP.Optional.Iminent.Asuccessc7ccb27af289af87a3b01e6245bd35cb HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8PUP.Optional.PlusHD.Asuccessf59eb27afc7f68ce1ff98ae8d32faf51 HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGongPUP.Optional.PriceGong.Asuccess444f77b5bfbc72c44d51ee8b21e1a55b HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueAppsPUP.Optional.ValueApps.Asuccess761d0a220576db5bc0100c7311f157a9 HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\ToolbarsPUP.Optional.AlexaTB.Asuccess593a83a9b6c531050b1794088b78be42 HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Asuccess227153d9ef8c49edc6934f30917102fe HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Asuccess4c475ece8eed37ffe3a9dfb6788b16ea HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HDPUP.Optional.PlusHD.Asuccess3a59d35973082115a574b4be52b06997 HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINTPUP.Optional.SearchProtect.Asuccessc6cd5ad2cead61d5554bfd8110f2c43c HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal DownloaderPUP.Optional.Softonic.Asuccess355e17158bf06ccab8cb76f70cf6a45c HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plus-HD-3.8PUP.Optional.PlusHD.Asuccess2e651d0f007b270f8f9d6105d1310af6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89449F37-4AB2-46ED-A566-BB3A7797701B}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89449F37-4AB2-46ED-A566-BB3A7797701B}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F509ADC2-B40E-470F-A7B7-45191486B5CB}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F509ADC2-B40E-470F-A7B7-45191486B5CB}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}PUP.Optional.PriceMeter.Asuccess1d762705ef8c211555e33c2a689a30d0 HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}PUP.Optional.InboxToolBar.Asuccess662d48e4cfaca5915619eb62c93921df HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{D7E97865-918F-41E4-9CD0-25AB1C574CE8}PUP.Optional.InboxToolBar.Asuccess

AdwCleaner Logfile:
Code:
# AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 09:16:26
# Aktualisiert 20/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marcus Vogelgsang - MARCUSVOGELGSAN
# Gestartet von : C:\Users\Marcus Vogelgsang\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\iLivid
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Protected Search
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Program Files (x86)\SiteRanker
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\.android
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\DownTango
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\NativeMessaging
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\PriceMeterLiveUpdate
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Software_Updater
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\LocalLow\SiteRanker
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\DVDVideoSoft
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\pluswinks
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Software
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jopemfhojpebdeollanchfjhpbkcijoi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\FreeDriverScout
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [siteranker@siteranker.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\jopemfhojpebdeollanchfjhpbkcijoi
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jopemfhojpebdeollanchfjhpbkcijoi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKCU\Software\5f08fdfb039bf13
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3311336
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3312806
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322902230}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344904430}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\fTalk
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\performersoft llc
Schlüssel Gelöscht : HKCU\Software\ProtectedSearch
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\SiteRanker
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\torch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\iMeshSRTB
Schlüssel Gelöscht : HKLM\Software\SearchquSRTB
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\torch
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [29929 octets] - [20/04/2014 09:15:29]
AdwCleaner[S0].txt - [26279 octets] - [20/04/2014 09:16:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26340 octets] ##########
--- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marcus Vogelgsang on 20.04.2014 at 9:21:47,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3727746948-312616605-306874443-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3727746948-312616605-306874443-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0F25880-3649-4E9D-8377-CACBAA942BD0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F9BA8761-2258-46B5-9F12-FCC57CED83C0}



~~~ Files

Successfully deleted: [File] "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\startmenu\startfenster.lnk"
Successfully deleted: [File] "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Marcus Vogelgsang\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{146E3582-09F1-4D43-96B5-C0BA1022FD01}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{19EF52DF-74BA-4B10-B2B7-F84BE4E62B2D}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{1F9152C4-1886-4110-A06C-4AA831CF6780}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{2712F35C-0880-4927-9080-3A3AA4A768A0}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{2CC8AA98-E1AA-4D74-93B2-20470A32BACE}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{2CD98239-6E5B-4920-8A29-F71DFCBF2F76}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{2EB3BF1D-5280-4F55-8874-18447B088EED}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{446C6F1B-8116-4253-A248-3A3DBA3EE8FD}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{4A340B4C-9243-4557-8B87-7A26A23BF577}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{60946E68-948E-4186-A25B-6256B6F187C5}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{6F7ABDE5-0BBA-49E0-A415-15BE6B41FAA9}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{725268D9-FDD7-44B9-98F4-69CE66DA0B20}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{7EFC7BFE-59FE-4090-9DA4-73CFEF2C9623}
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{BD8A9438-8164-4137-9AAF-07FE485F2646}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2014 at 9:30:31,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Marcus Vogelgsang (administrator) on MARCUSVOGELGSAN on 20-04-2014 09:32:30
Running from C:\Users\Marcus Vogelgsang\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PCTV Systems S.à r.l.) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [StrmServer.exe] => C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe [746768 2010-12-21] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [Microsoft] => wscript.exe //B "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]

Chrome:
=======
CHR HomePage: hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
CHR RestoreOnStartup: "sync_promo": {
      "startup_count"
CHR StartupUrls: "hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}"
CHR DefaultSearchKeyword: www.yahoo.com
CHR DefaultSearchProvider: Yahoo! (Avast)
CHR DefaultSearchURL: hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google-Suche) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Google Mail) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [dgldkplledicnbnnliodeffobaiaodaf] - C:\Program Files (x86)\SiteRanker\Chrome\siterank_c.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-18]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-18] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 HPSLPSVC; C:\Users\MARCUS~1\AppData\Local\Temp\7zS79A1\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-18] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-18] ()
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 09:32 - 2014-04-20 09:32 - 02055680 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (1).exe
2014-04-20 09:30 - 2014-04-20 09:30 - 00003842 _____ () C:\Users\Marcus Vogelgsang\Desktop\JRT.txt
2014-04-20 09:21 - 2014-04-20 09:21 - 01016261 _____ (Thisisu) C:\Users\Marcus Vogelgsang\Downloads\JRT.exe
2014-04-20 09:21 - 2014-04-20 09:21 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 09:18 - 2014-04-20 09:18 - 00026653 _____ () C:\Users\Marcus Vogelgsang\Desktop\AdwCleaner[S0].txt
2014-04-20 09:15 - 2014-04-20 09:16 - 00000000 ____D () C:\AdwCleaner
2014-04-20 09:15 - 2014-04-20 09:15 - 01308369 _____ () C:\Users\Marcus Vogelgsang\Downloads\adwcleaner.exe
2014-04-20 09:14 - 2014-04-20 09:14 - 00058514 _____ () C:\Users\Marcus Vogelgsang\Desktop\m.Xml
2014-04-20 08:52 - 2014-04-20 08:52 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 08:52 - 2014-04-20 08:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 08:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 08:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 08:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 08:51 - 2014-04-20 08:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcus Vogelgsang\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 15:31 - 2014-04-19 15:31 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup (1).exe
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-19 14:56 - 2014-04-19 14:56 - 00029774 _____ () C:\ComboFix.txt
2014-04-19 14:48 - 2014-04-19 14:56 - 00000000 ____D () C:\Qoobox
2014-04-19 14:48 - 2014-04-19 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 14:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-19 14:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-19 14:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-19 14:47 - 2014-04-19 14:47 - 05195154 ____R (Swearware) C:\Users\Marcus Vogelgsang\Downloads\ComboFix.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00003042 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-18 22:52 - 2014-04-18 22:52 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\DropboxMaster
2014-04-18 22:51 - 2014-04-18 22:51 - 00315984 _____ (Dropbox, Inc.) C:\Users\Marcus Vogelgsang\Downloads\DropboxInstaller.exe
2014-04-18 22:00 - 2014-04-18 22:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BW-Bank
2014-04-18 18:05 - 2014-04-18 18:05 - 00000043 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\WB.CFG
2014-04-18 17:09 - 2014-04-20 09:32 - 00018944 _____ () C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2014-04-18 17:09 - 2014-04-18 17:10 - 00053124 _____ () C:\Users\Marcus Vogelgsang\Downloads\Addition.txt
2014-04-18 17:08 - 2014-04-20 09:32 - 00000000 ____D () C:\FRST
2014-04-18 17:07 - 2014-04-18 17:08 - 02158592 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64.exe
2014-04-18 17:06 - 2014-04-18 17:07 - 01146880 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST.exe
2014-04-18 17:05 - 2014-04-18 17:05 - 00003378 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-18 17:05 - 2014-04-18 17:05 - 00003300 _____ () C:\Windows\System32\Tasks\PriceMeterUpdater
2014-04-18 15:39 - 2014-04-20 09:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 15:39 - 2014-04-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 12:47 - 2014-04-18 13:27 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\Peter Orth
2014-04-18 12:40 - 2014-04-18 12:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-18 12:40 - 2014-04-18 12:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-18 12:40 - 2014-04-18 12:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 12:38 - 2014-04-18 12:38 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-04-18 12:37 - 2014-04-18 12:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-18 12:37 - 2014-04-18 12:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 12:33 - 2014-03-17 22:35 - 00000426 _____ () C:\AVScanner.ini
2014-04-18 12:31 - 2014-04-18 12:35 - 88551496 _____ (AVAST Software) C:\Users\Marcus Vogelgsang\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-18 12:31 - 2014-04-18 12:31 - 00002050 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 12:31 - 2014-04-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-18 12:29 - 2014-04-18 12:30 - 21987424 _____ (Mozilla) C:\Users\Marcus Vogelgsang\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-12 09:42 - 2013-12-17 09:50 - 00554306 ___SH () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe
2014-04-11 16:31 - 2014-04-12 09:01 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BHH2014Unfall
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-10 17:58 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 17:58 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 17:58 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 17:58 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 17:58 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 17:58 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 17:58 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 17:58 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 17:58 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 17:58 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 17:58 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 17:58 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 17:58 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 17:58 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 17:58 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 17:58 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 17:58 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 17:58 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 17:58 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 17:58 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 17:58 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 17:58 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 17:58 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 17:58 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 17:58 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 17:58 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 17:58 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 17:58 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 17:58 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 17:58 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 17:58 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 17:58 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 17:58 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 17:58 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 17:58 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 17:58 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 17:58 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 17:58 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 17:58 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 17:58 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 17:58 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 17:58 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 17:58 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 17:58 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 17:58 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 17:58 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 17:58 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 17:58 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 15:05 - 2014-04-20 09:17 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 15:05 - 2014-04-20 09:16 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 15:05 - 2014-04-18 19:21 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 15:05 - 2014-04-10 15:11 - 00004128 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 15:05 - 2014-04-10 15:11 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 13:08 - 2014-04-10 13:08 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\TB
2014-04-10 12:58 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:58 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:58 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:58 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:58 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:58 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:58 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:58 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 12:58 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 12:58 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 12:58 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 12:58 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:58 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-04-20 09:32 - 2014-04-20 09:32 - 02055680 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (1).exe
2014-04-20 09:32 - 2014-04-18 17:09 - 00018944 _____ () C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2014-04-20 09:32 - 2014-04-18 17:08 - 00000000 ____D () C:\FRST
2014-04-20 09:31 - 2012-04-06 23:00 - 01307298 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-20 09:31 - 2012-02-18 13:13 - 04152282 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 09:31 - 2012-02-18 13:13 - 01255456 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 09:30 - 2014-04-20 09:30 - 00003842 _____ () C:\Users\Marcus Vogelgsang\Desktop\JRT.txt
2014-04-20 09:25 - 2012-04-06 20:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 09:25 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 09:25 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 09:21 - 2014-04-20 09:21 - 01016261 _____ (Thisisu) C:\Users\Marcus Vogelgsang\Downloads\JRT.exe
2014-04-20 09:21 - 2014-04-20 09:21 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 09:18 - 2014-04-20 09:18 - 00026653 _____ () C:\Users\Marcus Vogelgsang\Desktop\AdwCleaner[S0].txt
2014-04-20 09:18 - 2014-04-18 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 09:18 - 2012-10-17 06:43 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-04-20 09:17 - 2014-04-10 15:05 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 09:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 09:17 - 2009-07-14 06:51 - 00157385 _____ () C:\Windows\setupact.log
2014-04-20 09:16 - 2014-04-20 09:15 - 00000000 ____D () C:\AdwCleaner
2014-04-20 09:16 - 2014-04-10 15:05 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 09:16 - 2012-03-23 22:44 - 00000000 ____D () C:\Users\Marcus Vogelgsang
2014-04-20 09:16 - 2012-02-18 04:20 - 01498767 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 09:15 - 2014-04-20 09:15 - 01308369 _____ () C:\Users\Marcus Vogelgsang\Downloads\adwcleaner.exe
2014-04-20 09:14 - 2014-04-20 09:14 - 00058514 _____ () C:\Users\Marcus Vogelgsang\Desktop\m.Xml
2014-04-20 09:04 - 2010-11-21 05:47 - 00426850 _____ () C:\Windows\PFRO.log
2014-04-20 08:52 - 2014-04-20 08:52 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 08:52 - 2014-04-20 08:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 08:52 - 2014-04-20 08:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcus Vogelgsang\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 22:44 - 2013-03-22 23:06 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\Motorsport
2014-04-19 15:31 - 2014-04-19 15:31 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup (1).exe
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-19 14:56 - 2014-04-19 14:56 - 00029774 _____ () C:\ComboFix.txt
2014-04-19 14:56 - 2014-04-19 14:48 - 00000000 ____D () C:\Qoobox
2014-04-19 14:55 - 2014-04-19 14:48 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 14:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-19 14:47 - 2014-04-19 14:47 - 05195154 ____R (Swearware) C:\Users\Marcus Vogelgsang\Downloads\ComboFix.exe
2014-04-19 14:46 - 2009-07-14 07:13 - 01302192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 14:43 - 2014-04-19 14:43 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00003042 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-18 22:55 - 2012-10-13 12:03 - 00000000 ___RD () C:\Users\Marcus Vogelgsang\Dropbox
2014-04-18 22:52 - 2014-04-18 22:52 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\DropboxMaster
2014-04-18 22:52 - 2012-10-13 12:03 - 00001064 _____ () C:\Users\Marcus Vogelgsang\Desktop\Dropbox.lnk
2014-04-18 22:52 - 2012-10-13 12:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-18 22:52 - 2012-10-13 12:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox
2014-04-18 22:51 - 2014-04-18 22:51 - 00315984 _____ (Dropbox, Inc.) C:\Users\Marcus Vogelgsang\Downloads\DropboxInstaller.exe
2014-04-18 22:00 - 2014-04-18 22:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BW-Bank
2014-04-18 19:21 - 2014-04-10 15:05 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-18 19:09 - 2011-10-20 10:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 19:01 - 2012-03-23 22:48 - 00000000 ___RD () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 19:00 - 2013-02-07 22:11 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-18 18:05 - 2014-04-18 18:05 - 00000043 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\WB.CFG
2014-04-18 17:10 - 2014-04-18 17:09 - 00053124 _____ () C:\Users\Marcus Vogelgsang\Downloads\Addition.txt
2014-04-18 17:08 - 2014-04-18 17:07 - 02158592 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64.exe
2014-04-18 17:07 - 2014-04-18 17:06 - 01146880 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST.exe
2014-04-18 17:05 - 2014-04-18 17:05 - 00003378 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-18 17:05 - 2014-04-18 17:05 - 00003300 _____ () C:\Windows\System32\Tasks\PriceMeterUpdater
2014-04-18 15:39 - 2014-04-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 14:22 - 2013-08-26 10:01 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\avgchrome
2014-04-18 13:27 - 2014-04-18 12:47 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\Peter Orth
2014-04-18 12:43 - 2014-04-18 12:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-18 12:42 - 2013-10-13 18:01 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-18 12:42 - 2013-10-13 17:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 12:42 - 2012-11-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-18 12:40 - 2014-04-18 12:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-18 12:40 - 2014-04-18 12:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 12:38 - 2014-04-18 12:38 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-04-18 12:37 - 2014-04-18 12:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-18 12:37 - 2014-04-18 12:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 12:35 - 2014-04-18 12:31 - 88551496 _____ (AVAST Software) C:\Users\Marcus Vogelgsang\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-18 12:31 - 2014-04-18 12:31 - 00002050 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 12:31 - 2014-04-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-18 12:30 - 2014-04-18 12:29 - 21987424 _____ (Mozilla) C:\Users\Marcus Vogelgsang\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-18 12:19 - 2013-10-02 09:28 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\DTM
2014-04-18 12:17 - 2013-06-29 20:41 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\Musik
2014-04-12 14:19 - 2013-01-15 11:30 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\PdfGrabber
2014-04-12 10:19 - 2012-05-19 11:16 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\AD_LUMIX
2014-04-12 10:19 - 2011-01-01 00:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\DCIM
2014-04-12 09:01 - 2014-04-11 16:31 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BHH2014Unfall
2014-04-12 09:01 - 2014-02-26 18:39 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Windows Live
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-11 10:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 07:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-10 17:59 - 2009-07-14 04:34 - 00000566 _____ () C:\Windows\win.ini
2014-04-10 17:58 - 2013-08-14 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 17:58 - 2012-04-08 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 17:56 - 2012-04-09 21:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 15:11 - 2014-04-10 15:05 - 00004128 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 15:11 - 2014-04-10 15:05 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 15:05 - 2012-04-06 22:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 15:04 - 2012-04-06 22:17 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Deployment
2014-04-10 15:00 - 2012-04-06 22:18 - 00000000 ____D () C:\Program Files\Google
2014-04-10 14:56 - 2012-04-06 22:18 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Google
2014-04-10 13:08 - 2014-04-10 13:08 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\TB
2014-04-03 09:51 - 2014-04-20 08:52 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 08:52 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 16:35

==================== End Of Log ============================
--- --- ---

--- --- ---

Marcus.V 20.04.2014 08:39
Hier nochmal die mbam.txt

<?xml version="1.0" encoding="UTF-8" ?>
<mbam-log>
<header>
<date>2014/04/20 09:03:40 +0200</date>
<log>m.Xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.04.20.03</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Marcus Vogelgsang</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>273138</objects>
<time>615</time>
<processes>1</processes>
<modules>1</modules>
<keys>99</keys>
<values>4</values>
<datas>9</datas>
<folders>19</folders>
<files>113</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><pid>2208</pid><hash>5f340e1e9fdce452b22410612ad803fd</hash></process>
<module><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></module>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</path><vendor>PUP.Optional.Delta.A</vendor><action>success</action><hash>662d60cc611ae74f79b4ce7ed32f9769</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</path><vendor>PUP.Optional.Delta.A</vendor><action>success</action><hash>662d60cc611ae74f79b4ce7ed32f9769</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}</path><vendor>PUP.Optional.Wajam.A</vendor><action>success</action><hash>dab963c9c0bb0333f215da73dd25d42c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}</path><vendor>PUP.Optional.Wajam.A</vendor><action>success</action><hash>dab963c9c0bb0333f215da73dd25d42c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>c6cdd05c2e4d2c0acba8a6a66f93e51b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>c0d32dff1a6168cec6ae123a9969669a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>543f48e4374479bde49250469e65ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>880b34f845364ee8314597ff867d9868</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d6bd9a92314ac175c1b5623407fcaf51</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0039030.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>fd96ce5edf9c1a1c3244544233d06f91</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\iMeshIEHelper.DNSGuard</path><vendor>PUP.Optional.iMeshMusicBoxTB.A</vendor><action>success</action><hash>484b3cf01269ce68ca5aef93cb37c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\iMeshIEHelper.DNSGuard.1</path><vendor>PUP.Optional.iMeshMusicBoxTB.A</vendor><action>success</action><hash>f1a2ce5ec1ba47ef9d87c4be13ef6e92</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>c9ca76b699e275c17168a0d1857d629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>395a88a4a6d51323d009b8b924def40c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>385b6fbddaa1043210c98be6877b619f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>920170bc136873c3eeea4928a161a55b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>98fb62ca19626dc9e4f588e9649e9967</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>0f848ca00972ab8b8c4d353c91711ae6</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>a1f2e349bbc08caad207db961ee4ad53</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>eda6d5579edd3afc2bae056c1be7f20e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>147fbd6fec8fab8bdefba8c9c24038c8</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>e6ad65c7b4c70b2b54851f5227dbb050</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>a6edf4383d3eb87eb92094ddba48768a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>365d220a196223138b4e036e659d06fa</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>c0d353d97cff2e087366c4ad04fe7f81</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>2073a28ab7c44ceaf6e3c6ab0ef47c84</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>e3b00923fd7e142203d6a1d0887a8e72</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>deb5042832497eb89d3cff72f50d9070</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>276c0c201a6145f1895028498a7818e8</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>b5dec16b4a3156e0f4e5e889ce347d83</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>eba86ebe96e5d75fdefb83eeef1324dc</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>2c672408d9a265d1f6e31e5350b2d030</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>e8ab58d4accf6accd801521f2ad81be5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>2370b874d0ab122411c88fe2f60c659b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>d0c38f9d0477a98d8257b8b98082ce32</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>0c876cc086f5d6607c5ddb9641c1e719</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>c8cb4fdd0576a98ddefb165b986ad729</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>474c6dbfb7c40a2c01d89ed326dc7f81</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>355e1913ea9160d6f0e93839659df30d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>c8cb17150873999d2eabd79add251be5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\DealPlyLive</path><vendor>PUP.Optional.DealPly.A</vendor><action>success</action><hash>850e7cb093e88aac4fa1a8eea1623ac6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>8f04d65697e4a591f26020607191c739</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Plus-HD-3.8</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>1281c369daa142f465c25230a85a847c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>ace7a7858bf0b77f2551672f8a790ef2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f79cb87489f268ce05716432768d6799</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>ace7012bc9b243f3b3c31c7a42c1748c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0039030.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>167d1715cfac41f580f697ffe41f19e7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\iMeshIEHelper.DNSGuard</path><vendor>PUP.Optional.iMeshMusicBoxTB.A</vendor><action>success</action><hash>3063c66693e879bd47dd87fb44be0ff1</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\iMeshIEHelper.DNSGuard.1</path><vendor>PUP.Optional.iMeshMusicBoxTB.A</vendor><action>success</action><hash>f0a3f83407749b9b3de7641efd058080</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>4251cc60116a04325683c7aa946e827e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>f79cca62601b48ee1cbdd89908fab848</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>147f1616502b46f08d4c3d340af837c9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>603332fab2c9fc3a03d5125f43bf14ec</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>e2b1b6760e6d0f27cc0d9ad78181bc44</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>7e1514185b20f34307d23b36768c5aa6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>058e9f8db7c457dfd405de93b74b768a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>deb5919bb1ca0e28e1f896dbef137a86</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>880b85a77cffd95d56832a474bb7da26</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>a8eb0725413af73fb128d899ee14cf31</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>43509b91235841f5cb0ec0b15aa8e020</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>31623af2423963d39544fc75936f34cc</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>41524ce05922df574f8a4031f70b50b0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>d8bb37f57b00ca6c4693ff72738f53ad</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>890a61cb0972bd798752caa731d16f91</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>0093c369b6c5a98db128f9788d75a25e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>751e71bb02798fa7f3e6502130d2c53b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>3b58b379d2a91c1a8e4b0c65c9396e92</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>266d939998e3f83e5d7cbab71ee433cd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>3b581418aad1b77fa6330c65c83a02fe</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>00931d0f87f44cea439611600cf646ba</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>296ad557235835019346f1803fc3cb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>b8db0b21433804328455403104fe1ce4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>c6cd44e8a6d53006c811541d34cef60a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454ed25ae695082ed2076b06e61c768a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>930086a604777abc9049f27fa55d3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>524178b490eb67cf6970e28fdb27f010</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>6231bd6fd0ab65d1ae2b74fd1de523dd</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdate</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>5f340e1e9fdce452b22410612ad803fd</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdatem</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>5f340e1e9fdce452b22410612ad803fd</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar</path><vendor>PUP.Optional.DataMngr.A</vendor><action>success</action><hash>afe4a686e39883b3cd97b1e48e756997</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>c7ccb27af289af87a3b01e6245bd35cb</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>f59eb27afc7f68ce1ff98ae8d32faf51</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>444f77b5bfbc72c44d51ee8b21e1a55b</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps</path><vendor>PUP.Optional.ValueApps.A</vendor><action>success</action><hash>761d0a220576db5bc0100c7311f157a9</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars</path><vendor>PUP.Optional.AlexaTB.A</vendor><action>success</action><hash>593a83a9b6c531050b1794088b78be42</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>227153d9ef8c49edc6934f30917102fe</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>4c475ece8eed37ffe3a9dfb6788b16ea</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HD</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>3a59d35973082115a574b4be52b06997</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>c6cd5ad2cead61d5554bfd8110f2c43c</hash></key>
<key><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>355e17158bf06ccab8cb76f70cf6a45c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plus-HD-3.8</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></key>
<value><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><valuename></valuename><vendor>PUP.Optional.InboxToolBar.A</vendor><action>success</action><valuedata></valuedata><hash>662d48e4cfaca5915619eb62c93921df</hash></value>
<value><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</valuename><vendor>PUP.Optional.InboxToolBar.A</vendor><action>success</action><valuedata>exéבäAœÐ%«WLè</valuedata><hash>662d48e4cfaca5915619eb62c93921df</hash></value>
<value><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0L1N1H2O1S</valuedata><hash>4c475ece8eed37ffe3a9dfb6788b16ea</hash></value>
<value><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT</path><valuename>Install</valuename><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><valuedata>1</valuedata><hash>c6cd5ad2cead61d5554bfd8110f2c43c</hash></value>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>Hijack.SearchPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>9ef51c10eb90e74fa0354cdb48bc36ca</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>Hijack.StartPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;st=home&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;st=home&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9</baddata><gooddata>hxxp://www.google.com</gooddata><hash>bad9ca629ae1db5b567b59ce0ef6bd43</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Page</valuename><vendor>Hijack.SearchPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>b4df2efe037849ed8a4d0d1ab15302fe</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Bar</valuename><vendor>Hijack.SearchPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>f3a00c20ed8e4aec00d6ce591fe5837d</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH</path><valuename>Default_Search_URL</valuename><vendor>Hijack.SearchPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</baddata><gooddata>hxxp://www.google.com/</gooddata><hash>d2c168c42e4d2b0bffd961c623e147b9</hash></data>
<data><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>Hijack.SearchPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</baddata><gooddata>hxxp://www.google.com</gooddata><hash>b3e0bf6dc7b4a1958b472afd26dec838</hash></data>
<data><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path><valuename>Default_Search_URL</valuename><vendor>Hijack.SearchPage</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;st=chrome&amp;q=</baddata><gooddata>hxxp://www.google.com/</gooddata><hash>9cf7d05c79020c2a66739e89e51fed13</hash></data>
<data><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path><valuename>SearchAssistant</valuename><vendor>PUP.Optional.Snapdo</vendor><action>replaced</action><valuedata>hxxp://feed.snapdo.com/?publisher=Bundlore&amp;dpid=Bundlore&amp;co=DE&amp;userid=fd8dd8a6-bd80-4116-acaa-32bcd857b46a&amp;searchtype=ds&amp;q={searchTerms}&amp;installDate=28/04/2013</valuedata><baddata>hxxp://feed.snapdo.com/?publisher=Bundlore&amp;dpid=Bundlore&amp;co=DE&amp;userid=fd8dd8a6-bd80-4116-acaa-32bcd857b46a&amp;searchtype=ds&amp;q={searchTerms}&amp;installDate=28/04/2013</baddata><gooddata>hxxp://www.google.com</gooddata><hash>a8ebce5ef38842f41c9688a02bd9c13f</hash></data>
<data><path>HKU\S-1-5-21-3727746948-312616605-306874443-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI</path><valuename>(Default)</valuename><vendor>PUP.Optional.SearchCertifiedTB.A</vendor><action>replaced</action><valuedata>hxxp://search.certified-toolbar.com?si=66920&amp;st=bs&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;q=%s</valuedata><baddata>hxxp://search.certified-toolbar.com?si=66920&amp;st=bs&amp;tid=6787&amp;ver=4.8&amp;ts=1380578400000.000008&amp;tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&amp;q=%s</baddata><gooddata>hxxp://www.google.com</gooddata><hash>029177b52655a0965ba6002aee162ed2</hash></data>
<folder><path>C:\ProgramData\IBUpdaterService</path><vendor>Adware.InstallBrain</vendor><action>success</action><hash>91024ddf36450630e071d798af5409f7</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\SpeedAnalysis2</path><vendor>PUP.Optional.SpeedAnalysis.A</vendor><action>success</action><hash>1f74f7350873e650732d9bf8b25103fd</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\787794313D9E4C4F8F476AC981F509E6</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\9F712565036A4067B138BE468BAA59A7</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\AD2F533A6DC34439AE2E5402F29BDFB6</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\File Scout</path><vendor>PUP.Optional.FileScout.A</vendor><action>success</action><hash>a8eb012b3a41d26441df76e94cb68f71</hash></folder>
<folder><path>C:\ProgramData\Conduit\IE</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>96fdfb317dfe5dd943517ee1c83aa060</hash></folder>
<folder><path>C:\Program Files (x86)\Plus-HD-3.8</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454e1f0d7dfe5cdac07773f327dba45c</hash></folder>
<folder><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater\UpdateProc</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454e1f0d7dfe5cdac07773f327dba45c</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\CrashReports</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Download</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Install</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<folder><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline\{34BE3099-740D-44EC-9F56-46A01F0AC703}</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></folder>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\File Scout\filescout.exe</path><vendor>PUP.Optional.FileScout.A</vendor><action>success</action><hash>365daf7dbbc0231322aee51db150ea16</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\iLividSetup-r1228-n-bc.exe</path><vendor>PUP.Optional.Bandoo</vendor><action>success</action><hash>662d8e9e700bf5417039fd07ad5436ca</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\Java.exe</path><vendor>PUP.Optional.BundleInstaller.A</vendor><action>success</action><hash>eca7cb61215a3ff7e4d24defd130af51</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\Java7.exe</path><vendor>Trojan.Dropper.FJ</vendor><action>success</action><hash>187b6fbd0c6f50e6d23618121ae6ee12</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\Player-Chrome.exe</path><vendor>PUP.Optional.OptimumInstaller.A</vendor><action>success</action><hash>f1a2f13be398b185a70a30186f928a76</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\rcpsetupmapp3_mapp31518191 (1).exe</path><vendor>PUP.Optional.RegCleanerPro</vendor><action>success</action><hash>336059d3c7b4ef47717219ecb24fb44c</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\rcpsetupmapp3_mapp31518191.exe</path><vendor>PUP.Optional.RegCleanerPro</vendor><action>success</action><hash>2b688ca0c4b75dd9f7ec699c55acbd43</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\Setup (1).exe</path><vendor>PUP.Optional.MSILLauncher.A</vendor><action>success</action><hash>5b386fbd4338ed4951a7d535bf42728e</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\Setup (2).exe</path><vendor>PUP.Optional.MSILLauncher.A</vendor><action>success</action><hash>d2c1b8740f6c2511ec0c15f53fc233cd</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\MyPhoneExplorer_Setup_1.8.5.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>0b88f23aa2d91224a7facb81d1330af6</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\setup (3).exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>4a494ede90eb70c622298637976c35cb</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\setup (4).exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>6e25bd6fbebd58decd7e6459f80bfc04</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\setup (5).exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>a1f244e8bcbfff3789c23c8123e0f709</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\setup (6).exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>dbb859d3007bb3834a014a738d7607f9</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>d6bdd25a8eed7abc9276c3588e7348b8</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\Downloads\Babylon9_setup.exe</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>543fc666344790a605b40816857b0000</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Local\DownloadGuide\mconduitinstaller.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>b2e1e24aabd058de1bb9e43a5aa6936d</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Local\DownloadGuide\plus-hd-3-8.exe</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>f69d9993ee8dd95d889f8994ef12d927</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Local\DownloadGuide\wajam_download.exe</path><vendor>PUP.Optional.Wajam</vendor><action>success</action><hash>0093ab81176451e5025f66b8bd43b749</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Local\DownloadGuide\Offers\hometab.exe</path><vendor>PUP.Optional.HomeTab.A</vendor><action>success</action><hash>870cfa328eed1323970d33dcec15be42</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>415243e96f0c50e6ab7c70ad37cafb05</hash></file>
<file><path>C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1e75d25a6d0e62d41cbe482959a93fc1</hash></file>
<file><path>C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>d6bdc765c3b8211507d31f52a35f37c9</hash></file>
<file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>e0b3a686a1da25118e856b0ee31f8e72</hash></file>
<file><path>C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml</path><vendor>PUP.Optional.SearchCertifiedTB.A</vendor><action>success</action><hash>eba81f0dea914ceaa1cb057647bbb050</hash></file>
<file><path>C:\ProgramData\IBUpdaterService\repository.xml</path><vendor>Adware.InstallBrain</vendor><action>success</action><hash>91024ddf36450630e071d798af5409f7</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx</path><vendor>PUP.Optional.SpeedAnalysis.A</vendor><action>success</action><hash>1f74f7350873e650732d9bf8b25103fd</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\speedanalysis.ico</path><vendor>PUP.Optional.SpeedAnalysis2.A</vendor><action>success</action><hash>b9dac26a88f3de58d8ac1086887b6898</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><hash>5f340e1e9fdce452b22410612ad803fd</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\787794313D9E4C4F8F476AC981F509E6\TuneUpUtilities2013_2200218_de-DE.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\9F712565036A4067B138BE468BAA59A7\spotflux-latestPC.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\AD2F533A6DC34439AE2E5402F29BDFB6\TuneUpUtilities2013_2200218_de-DE.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ff945ecec8b3be78798f223dc33ffd03</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\File Scout\uninst.exe</path><vendor>PUP.Optional.FileScout.A</vendor><action>success</action><hash>a8eb012b3a41d26441df76e94cb68f71</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\39030.crx</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\background.html</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Installer.log</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.dll</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.exe</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.dll</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.exe</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-helper.exe</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8.ico</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\Uninstall.exe</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Program Files (x86)\Plus-HD-3.8\utils.exe</path><vendor>PUP.Optional.PlusHD.A</vendor><action>success</action><hash>2e651d0f007b270f8f9d6105d1310af6</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater\UpdateProc\config.dat</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454e1f0d7dfe5cdac07773f327dba45c</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater\UpdateProc\info.dat</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454e1f0d7dfe5cdac07773f327dba45c</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater\UpdateProc\STTL.DAT</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454e1f0d7dfe5cdac07773f327dba45c</hash></file>
<file><path>C:\Users\Marcus Vogelgsang\AppData\Roaming\PriceMeterUpdater\UpdateProc\TTL.DAT</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>454e1f0d7dfe5cdac07773f327dba45c</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_de.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_el.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_en-GB.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_en.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_es-419.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_es.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_et.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fa.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fi.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fil.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fr.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_gu.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hi.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hr.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hu.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_id.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_it.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_iw.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ja.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_kn.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ko.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_lt.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_lv.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ml.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_mr.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ms.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_nl.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_no.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pl.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pt-BR.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pt-PT.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ro.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>delete-on-reboot</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_am.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ar.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_bg.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_bn.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ca.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_cs.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sk.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sl.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sr.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sv.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sw.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ta.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_te.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_th.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_tr.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_uk.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ur.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_vi.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-CN.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-TW.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdate.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateBroker.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHandler.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHelper.msi</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateOnDemand.exe</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psmachine.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psuser.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_da.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_is.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
<file><path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ru.dll</path><vendor>PUP.Optional.PriceMeter.A</vendor><action>success</action><hash>1d762705ef8c211555e33c2a689a30d0</hash></file>
</items>
</mbam-log>

schrauber 20.04.2014 18:21

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Marcus.V 21.04.2014 20:20
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=74bb930daae8f34d82fb9fe9d572202f
# engine=17967
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-21 06:32:49
# local_time=2014-04-21 08:32:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 287718 287737 0 0
# compatibility_mode=5893 16776573 100 94 125462 149735019 0 0
# scanned=214377
# found=5
# cleaned=0
# scan_time=5374
sh=813F99C162730B22A391A287FA9BA6A954C2977C ft=1 fh=545f8627a3352333 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=AEC860E4CDE64D747F215B83C8DE70EE0EBCB3A0 ft=1 fh=cde73a4bb58c0fe9 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=12A9313D86CC0E3AF8D9EE8CC318DE4C9A7C3974 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\Marcus Vogelgsang\Documents\Peter Orth\Abschluss - Jahres Ordner Motodrom ab 2005-\Motordrom2005.lnk"
sh=DFB417DF1C57E81CC616AC37AD86FE95B3567180 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Wauchos.A trojan" ac=I fn="C:\Users\Marcus Vogelgsang\Dropbox\.dropbox.cache\2014-04-18\Rechnung (deleted 2eac846de2de1403b59acbd31c2174c6).zip"

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG PC TuneUp 2014 (de-DE)
Java(TM) 6 Update 37
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Thunderbird (24.4.0)
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Google Chrome Application AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01
Ran by Marcus Vogelgsang (administrator) on MARCUSVOGELGSAN on 21-04-2014 21:15:48
Running from C:\Users\Marcus Vogelgsang\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PCTV Systems S.à r.l.) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [StrmServer.exe] => C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe [746768 2010-12-21] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [Microsoft] => wscript.exe //B "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcus Vogelgsang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]

Chrome:
=======
CHR HomePage: hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
CHR RestoreOnStartup: "sync_promo": {
      "startup_count"
CHR StartupUrls: "hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}"
CHR DefaultSearchKeyword: www.yahoo.com
CHR DefaultSearchProvider: Yahoo! (Avast)
CHR DefaultSearchURL: hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google-Suche) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Google Mail) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [dgldkplledicnbnnliodeffobaiaodaf] - C:\Program Files (x86)\SiteRanker\Chrome\siterank_c.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-18]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-18] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 HPSLPSVC; C:\Users\MARCUS~1\AppData\Local\Temp\7zS79A1\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-18] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-18] ()
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 21:15 - 2014-04-21 21:15 - 02163712 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (2).exe
2014-04-21 21:12 - 2014-04-21 21:12 - 00987448 _____ () C:\Users\Marcus Vogelgsang\Downloads\SecurityCheck.exe
2014-04-21 18:29 - 2014-04-21 18:30 - 02347384 _____ (ESET) C:\Users\Marcus Vogelgsang\Downloads\esetsmartinstaller_enu.exe
2014-04-20 09:33 - 2014-04-20 09:33 - 00046111 _____ () C:\Users\Marcus Vogelgsang\Desktop\FRST.txt
2014-04-20 09:32 - 2014-04-20 09:32 - 02055680 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (1).exe
2014-04-20 09:30 - 2014-04-20 09:30 - 00003842 _____ () C:\Users\Marcus Vogelgsang\Desktop\JRT.txt
2014-04-20 09:21 - 2014-04-20 09:21 - 01016261 _____ (Thisisu) C:\Users\Marcus Vogelgsang\Downloads\JRT.exe
2014-04-20 09:21 - 2014-04-20 09:21 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 09:18 - 2014-04-20 09:18 - 00026653 _____ () C:\Users\Marcus Vogelgsang\Desktop\AdwCleaner[S0].txt
2014-04-20 09:15 - 2014-04-20 09:16 - 00000000 ____D () C:\AdwCleaner
2014-04-20 09:15 - 2014-04-20 09:15 - 01308369 _____ () C:\Users\Marcus Vogelgsang\Downloads\adwcleaner.exe
2014-04-20 09:14 - 2014-04-20 09:14 - 00058514 _____ () C:\Users\Marcus Vogelgsang\Desktop\mbam.Xml
2014-04-20 08:52 - 2014-04-20 08:52 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 08:52 - 2014-04-20 08:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 08:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 08:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 08:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 08:51 - 2014-04-20 08:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcus Vogelgsang\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 15:31 - 2014-04-19 15:31 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup (1).exe
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-19 14:56 - 2014-04-19 14:56 - 00029774 _____ () C:\ComboFix.txt
2014-04-19 14:48 - 2014-04-19 14:56 - 00000000 ____D () C:\Qoobox
2014-04-19 14:48 - 2014-04-19 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 14:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-19 14:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-19 14:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-19 14:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-19 14:47 - 2014-04-19 14:47 - 05195154 ____R (Swearware) C:\Users\Marcus Vogelgsang\Downloads\ComboFix.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00003042 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-18 22:52 - 2014-04-18 22:52 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\DropboxMaster
2014-04-18 22:51 - 2014-04-18 22:51 - 00315984 _____ (Dropbox, Inc.) C:\Users\Marcus Vogelgsang\Downloads\DropboxInstaller.exe
2014-04-18 22:00 - 2014-04-18 22:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BW-Bank
2014-04-18 18:05 - 2014-04-18 18:05 - 00000043 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\WB.CFG
2014-04-18 17:09 - 2014-04-21 21:15 - 00019101 _____ () C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2014-04-18 17:09 - 2014-04-18 17:10 - 00053124 _____ () C:\Users\Marcus Vogelgsang\Downloads\Addition.txt
2014-04-18 17:08 - 2014-04-21 21:15 - 00000000 ____D () C:\FRST
2014-04-18 17:07 - 2014-04-18 17:08 - 02158592 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64.exe
2014-04-18 17:06 - 2014-04-18 17:07 - 01146880 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST.exe
2014-04-18 17:05 - 2014-04-18 17:05 - 00003378 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-18 17:05 - 2014-04-18 17:05 - 00003300 _____ () C:\Windows\System32\Tasks\PriceMeterUpdater
2014-04-18 15:39 - 2014-04-21 21:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 15:39 - 2014-04-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 12:47 - 2014-04-18 13:27 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\Peter Orth
2014-04-18 12:40 - 2014-04-21 18:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-18 12:40 - 2014-04-18 12:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-18 12:40 - 2014-04-18 12:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 12:38 - 2014-04-18 12:38 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-04-18 12:37 - 2014-04-18 12:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-18 12:37 - 2014-04-18 12:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 12:33 - 2014-03-17 22:35 - 00000426 _____ () C:\AVScanner.ini
2014-04-18 12:31 - 2014-04-18 12:35 - 88551496 _____ (AVAST Software) C:\Users\Marcus Vogelgsang\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-18 12:31 - 2014-04-18 12:31 - 00002050 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 12:31 - 2014-04-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-18 12:29 - 2014-04-18 12:30 - 21987424 _____ (Mozilla) C:\Users\Marcus Vogelgsang\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-12 09:42 - 2013-12-17 09:50 - 00554306 ___SH () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe
2014-04-11 16:31 - 2014-04-12 09:01 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BHH2014Unfall
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-10 17:58 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 17:58 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 17:58 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 17:58 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 17:58 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 17:58 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 17:58 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 17:58 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 17:58 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 17:58 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 17:58 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 17:58 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 17:58 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 17:58 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 17:58 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 17:58 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 17:58 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 17:58 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 17:58 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 17:58 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 17:58 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 17:58 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 17:58 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 17:58 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 17:58 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 17:58 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 17:58 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 17:58 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 17:58 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 17:58 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 17:58 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 17:58 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 17:58 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 17:58 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 17:58 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 17:58 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 17:58 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 17:58 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 17:58 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 17:58 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 17:58 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 17:58 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 17:58 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 17:58 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 17:58 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 17:58 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 17:58 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 17:58 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 15:05 - 2014-04-21 21:16 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 15:05 - 2014-04-21 21:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 15:05 - 2014-04-18 19:21 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 15:05 - 2014-04-10 15:11 - 00004128 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 15:05 - 2014-04-10 15:11 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 13:08 - 2014-04-10 13:08 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\TB
2014-04-10 12:58 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:58 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:58 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:58 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:58 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:58 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:58 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:58 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:58 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 12:58 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 12:58 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 12:58 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 12:58 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:58 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-04-21 21:16 - 2014-04-10 15:05 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 21:15 - 2014-04-21 21:15 - 02163712 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (2).exe
2014-04-21 21:15 - 2014-04-18 17:09 - 00019101 _____ () C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2014-04-21 21:15 - 2014-04-18 17:08 - 00000000 ____D () C:\FRST
2014-04-21 21:12 - 2014-04-21 21:12 - 00987448 _____ () C:\Users\Marcus Vogelgsang\Downloads\SecurityCheck.exe
2014-04-21 21:09 - 2014-04-18 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 21:09 - 2014-04-10 15:05 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 21:09 - 2012-10-17 06:43 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-04-21 21:08 - 2012-02-18 04:20 - 01540263 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 21:08 - 2010-11-21 05:47 - 00427676 _____ () C:\Windows\PFRO.log
2014-04-21 21:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 21:08 - 2009-07-14 06:51 - 00163947 _____ () C:\Windows\setupact.log
2014-04-21 20:25 - 2012-04-06 20:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 18:40 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 18:40 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 18:32 - 2012-02-18 13:13 - 04167074 _____ () C:\Windows\system32\perfh007.dat
2014-04-21 18:32 - 2012-02-18 13:13 - 01260192 _____ () C:\Windows\system32\perfc007.dat
2014-04-21 18:32 - 2009-07-14 07:13 - 01308390 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 18:30 - 2014-04-21 18:29 - 02347384 _____ (ESET) C:\Users\Marcus Vogelgsang\Downloads\esetsmartinstaller_enu.exe
2014-04-21 18:24 - 2014-04-18 12:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-20 09:33 - 2014-04-20 09:33 - 00046111 _____ () C:\Users\Marcus Vogelgsang\Desktop\FRST.txt
2014-04-20 09:32 - 2014-04-20 09:32 - 02055680 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64 (1).exe
2014-04-20 09:31 - 2012-04-06 23:00 - 01307298 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-20 09:30 - 2014-04-20 09:30 - 00003842 _____ () C:\Users\Marcus Vogelgsang\Desktop\JRT.txt
2014-04-20 09:21 - 2014-04-20 09:21 - 01016261 _____ (Thisisu) C:\Users\Marcus Vogelgsang\Downloads\JRT.exe
2014-04-20 09:21 - 2014-04-20 09:21 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 09:18 - 2014-04-20 09:18 - 00026653 _____ () C:\Users\Marcus Vogelgsang\Desktop\AdwCleaner[S0].txt
2014-04-20 09:16 - 2014-04-20 09:15 - 00000000 ____D () C:\AdwCleaner
2014-04-20 09:16 - 2012-03-23 22:44 - 00000000 ____D () C:\Users\Marcus Vogelgsang
2014-04-20 09:15 - 2014-04-20 09:15 - 01308369 _____ () C:\Users\Marcus Vogelgsang\Downloads\adwcleaner.exe
2014-04-20 09:14 - 2014-04-20 09:14 - 00058514 _____ () C:\Users\Marcus Vogelgsang\Desktop\mbam.Xml
2014-04-20 08:52 - 2014-04-20 08:52 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 08:52 - 2014-04-20 08:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 08:52 - 2014-04-20 08:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcus Vogelgsang\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 22:44 - 2013-03-22 23:06 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\Motorsport
2014-04-19 15:31 - 2014-04-19 15:31 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup (1).exe
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-19 15:31 - 2014-04-19 15:31 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-19 14:56 - 2014-04-19 14:56 - 00029774 _____ () C:\ComboFix.txt
2014-04-19 14:56 - 2014-04-19 14:48 - 00000000 ____D () C:\Qoobox
2014-04-19 14:55 - 2014-04-19 14:48 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 14:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-19 14:47 - 2014-04-19 14:47 - 05195154 ____R (Swearware) C:\Users\Marcus Vogelgsang\Downloads\ComboFix.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00848856 _____ (Panda Security ) C:\Users\Marcus Vogelgsang\Downloads\USBVaccineSetup.exe
2014-04-19 14:43 - 2014-04-19 14:43 - 00003042 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-18 22:55 - 2012-10-13 12:03 - 00000000 ___RD () C:\Users\Marcus Vogelgsang\Dropbox
2014-04-18 22:52 - 2014-04-18 22:52 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\DropboxMaster
2014-04-18 22:52 - 2012-10-13 12:03 - 00001064 _____ () C:\Users\Marcus Vogelgsang\Desktop\Dropbox.lnk
2014-04-18 22:52 - 2012-10-13 12:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-18 22:52 - 2012-10-13 12:02 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox
2014-04-18 22:51 - 2014-04-18 22:51 - 00315984 _____ (Dropbox, Inc.) C:\Users\Marcus Vogelgsang\Downloads\DropboxInstaller.exe
2014-04-18 22:00 - 2014-04-18 22:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BW-Bank
2014-04-18 19:21 - 2014-04-10 15:05 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-18 19:09 - 2011-10-20 10:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 19:01 - 2012-03-23 22:48 - 00000000 ___RD () C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 19:00 - 2013-02-07 22:11 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-18 18:05 - 2014-04-18 18:05 - 00000043 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\WB.CFG
2014-04-18 17:10 - 2014-04-18 17:09 - 00053124 _____ () C:\Users\Marcus Vogelgsang\Downloads\Addition.txt
2014-04-18 17:08 - 2014-04-18 17:07 - 02158592 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64.exe
2014-04-18 17:07 - 2014-04-18 17:06 - 01146880 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST.exe
2014-04-18 17:05 - 2014-04-18 17:05 - 00003378 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-18 17:05 - 2014-04-18 17:05 - 00003300 _____ () C:\Windows\System32\Tasks\PriceMeterUpdater
2014-04-18 15:39 - 2014-04-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 14:22 - 2013-08-26 10:01 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\avgchrome
2014-04-18 13:27 - 2014-04-18 12:47 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\Peter Orth
2014-04-18 12:42 - 2013-10-13 18:01 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-18 12:42 - 2013-10-13 17:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 12:42 - 2012-11-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-18 12:40 - 2014-04-18 12:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-18 12:40 - 2014-04-18 12:40 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Roaming\AVAST Software
2014-04-18 12:38 - 2014-04-18 12:38 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-04-18 12:37 - 2014-04-18 12:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-18 12:37 - 2014-04-18 12:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-18 12:37 - 2014-04-18 12:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-18 12:36 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 12:35 - 2014-04-18 12:31 - 88551496 _____ (AVAST Software) C:\Users\Marcus Vogelgsang\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-18 12:31 - 2014-04-18 12:31 - 00002050 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 12:31 - 2014-04-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-18 12:30 - 2014-04-18 12:29 - 21987424 _____ (Mozilla) C:\Users\Marcus Vogelgsang\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-18 12:19 - 2013-10-02 09:28 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\DTM
2014-04-18 12:17 - 2013-06-29 20:41 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Desktop\Musik
2014-04-12 14:19 - 2013-01-15 11:30 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\PdfGrabber
2014-04-12 10:19 - 2012-05-19 11:16 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\AD_LUMIX
2014-04-12 10:19 - 2011-01-01 00:00 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\DCIM
2014-04-12 09:01 - 2014-04-11 16:31 - 00000000 ____D () C:\Users\Marcus Vogelgsang\Documents\BHH2014Unfall
2014-04-12 09:01 - 2014-02-26 18:39 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Windows Live
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieUserList
2014-04-11 14:06 - 2014-04-11 14:06 - 00000000 __SHD () C:\Users\Marcus Vogelgsang\AppData\Local\EmieSiteList
2014-04-11 10:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 07:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-10 17:59 - 2009-07-14 04:34 - 00000566 _____ () C:\Windows\win.ini
2014-04-10 17:58 - 2013-08-14 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 17:58 - 2012-04-08 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 17:56 - 2012-04-09 21:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 15:11 - 2014-04-10 15:05 - 00004128 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 15:11 - 2014-04-10 15:05 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 15:05 - 2012-04-06 22:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 15:04 - 2012-04-06 22:17 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Deployment
2014-04-10 15:00 - 2012-04-06 22:18 - 00000000 ____D () C:\Program Files\Google
2014-04-10 14:56 - 2012-04-06 22:18 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\Google
2014-04-10 13:08 - 2014-04-10 13:08 - 00000000 ____D () C:\Users\Marcus Vogelgsang\AppData\Local\TB
2014-04-03 09:51 - 2014-04-20 08:52 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 08:52 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 16:35

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Also die Verlinkungen auf den Sticks sind immer noch da!!!

schrauber 22.04.2014 13:47
Die Verknüpfungen sind in ner Minute erledigt, erstmal muss die Kiste sauber werden.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [Microsoft] => wscript.exe //B "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe"
C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Marcus.V 22.04.2014 21:54
Er sagt mir das er die Fixlist.txt nicht findet.

schrauber 23.04.2014 13:58
Zitat:
Running from C:\Users\Marcus Vogelgsang\Downloads
FRST läuft bei dir vom Download Ordner aus, also muss auch die fixlist in den Download Ordner :)

Marcus.V 24.04.2014 07:36
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Marcus Vogelgsang at 2014-04-24 08:33:18 Run:1
Running from C:\Users\Marcus Vogelgsang\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [Microsoft] => wscript.exe //B "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe"
C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
HKU\S-1-5-21-3727746948-312616605-306874443-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft => Value deleted successfully.
Could not move "C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-24 08:34:43)<=

C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft.vbe => Is moved successfully.

==== End of Fixlog ====

schrauber 24.04.2014 12:52
reboot, frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:23 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19